/home/build/quick-libreswan-2/programs/pluto/ikev1.c

Bug Summary

File:	programs/pluto/ikev1.c
Warning:	line 3245, column 4 Value stored to 'c' is never read

Annotated Source Code

Press '?' to see keyboard shortcuts

Show analyzer invocation

clang -cc1 -cc1 -triple x86_64-redhat-linux-gnu -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name ikev1.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fmath-errno -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/home/build/quick-libreswan-2/programs/pluto -resource-dir /usr/lib64/clang/13.0.0 -D TimeZoneOffset=timezone -D PIE -D NSS_IPSEC_PROFILE -D XFRM_LIFETIME_DEFAULT=30 -D USE_IKEv1 -D XFRM_SUPPORT -D USE_XFRM_INTERFACE -D USE_DNSSEC -D DEFAULT_DNSSEC_ROOTKEY_FILE="/var/lib/unbound/root.key" -D HAVE_LABELED_IPSEC -D HAVE_SECCOMP -D LIBCURL -D USE_LINUX_AUDIT -D HAVE_NM -D USE_PAM_AUTH -D USE_3DES -D USE_AES -D USE_CAMELLIA -D USE_CHACHA -D USE_DH31 -D USE_MD5 -D USE_SHA1 -D USE_SHA2 -D USE_PRF_AES_XCBC -D USE_NSS_KDF -D DEFAULT_RUNDIR="/run/pluto" -D IPSEC_CONF="/etc/ipsec.conf" -D IPSEC_CONFDDIR="/etc/ipsec.d" -D IPSEC_NSSDIR="/var/lib/ipsec/nss" -D IPSEC_CONFDIR="/etc" -D IPSEC_EXECDIR="/usr/local/libexec/ipsec" -D IPSEC_SBINDIR="/usr/local/sbin" -D IPSEC_VARDIR="/var" -D POLICYGROUPSDIR="/etc/ipsec.d/policies" -D IPSEC_SECRETS_FILE="/etc/ipsec.secrets" -D FORCE_PR_ASSERT -D USE_FORK=1 -D USE_VFORK=0 -D USE_DAEMON=0 -D USE_PTHREAD_SETSCHEDPRIO=1 -D GCC_LINT -D HAVE_LIBCAP_NG -I . -I ../../OBJ.linux.x86_64/programs/pluto -I ../../include -I /usr/include/nss3 -I /usr/include/nspr4 -I /home/build/quick-libreswan-2/programs/pluto/linux-copy -D HERE_FILENAME="programs/pluto/ikev1.c" -internal-isystem /usr/lib64/clang/13.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/bin/../lib/gcc/x86_64-redhat-linux/11/../../../../x86_64-redhat-linux/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -std=gnu99 -fdebug-compilation-dir=/home/build/quick-libreswan-2/programs/pluto -ferror-limit 19 -stack-protector 3 -fgnuc-version=4.2.1 -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2022-01-01-205714-1273399-1 -x c /home/build/quick-libreswan-2/programs/pluto/ikev1.c

1	/* State machine for IKEv1
2	*
3	* Copyright (C) 1997 Angelos D. Keromytis.
4	* Copyright (C) 1998-2010,2013-2016 D. Hugh Redelmeier <hugh@mimosa.com>
5	* Copyright (C) 2003-2008 Michael Richardson <mcr@xelerance.com>
6	* Copyright (C) 2008-2009 David McCullough <david_mccullough@securecomputing.com>
7	* Copyright (C) 2008-2010 Paul Wouters <paul@xelerance.com>
8	* Copyright (C) 2011 Avesh Agarwal <avagarwa@redhat.com>
9	* Copyright (C) 2008 Hiren Joshi <joshihirenn@gmail.com>
10	* Copyright (C) 2009 Anthony Tong <atong@TrustedCS.com>
11	* Copyright (C) 2012-2019 Paul Wouters <pwouters@redhat.com>
12	* Copyright (C) 2013 Wolfgang Nothdurft <wolfgang@linogate.de>
13	* Copyright (C) 2019-2019 Andrew Cagney <cagney@gnu.org>
14	*
15	* This program is free software; you can redistribute it and/or modify it
16	* under the terms of the GNU General Public License as published by the
17	* Free Software Foundation; either version 2 of the License, or (at your
18	* option) any later version. See <https://www.gnu.org/licenses/gpl2.txt>.
19	*
20	* This program is distributed in the hope that it will be useful, but
21	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
22	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
23	* for more details.
24	*
25	*/
26
27	/* Ordering Constraints on Payloads
28	*
29	* rfc2409: The Internet Key Exchange (IKE)
30	*
31	* 5 Exchanges:
32	* "The SA payload MUST precede all other payloads in a phase 1 exchange."
33	*
34	* "Except where otherwise noted, there are no requirements for ISAKMP
35	* payloads in any message to be in any particular order."
36	*
37	* 5.3 Phase 1 Authenticated With a Revised Mode of Public Key Encryption:
38	*
39	* "If the HASH payload is sent it MUST be the first payload of the
40	* second message exchange and MUST be followed by the encrypted
41	* nonce. If the HASH payload is not sent, the first payload of the
42	* second message exchange MUST be the encrypted nonce."
43	*
44	* "Save the requirements on the location of the optional HASH payload
45	* and the mandatory nonce payload there are no further payload
46	* requirements. All payloads-- in whatever order-- following the
47	* encrypted nonce MUST be encrypted with Ke_i or Ke_r depending on the
48	* direction."
49	*
50	* 5.5 Phase 2 - Quick Mode
51	*
52	* "In Quick Mode, a HASH payload MUST immediately follow the ISAKMP
53	* header and a SA payload MUST immediately follow the HASH."
54	* [NOTE: there may be more than one SA payload, so this is not
55	* totally reasonable. Probably all SAs should be so constrained.]
56	*
57	* "If ISAKMP is acting as a client negotiator on behalf of another
58	* party, the identities of the parties MUST be passed as IDci and
59	* then IDcr."
60	*
61	* "With the exception of the HASH, SA, and the optional ID payloads,
62	* there are no payload ordering restrictions on Quick Mode."
63	*/
64
65	/* Unfolding of Identity -- a central mystery
66	*
67	* This concerns Phase 1 identities, those of the IKE hosts.
68	* These are the only ones that are authenticated. Phase 2
69	* identities are for IPsec SAs.
70	*
71	* There are three case of interest:
72	*
73	* (1) We initiate, based on a whack command specifying a Connection.
74	* We know the identity of the peer from the Connection.
75	*
76	* (2) (to be implemented) we initiate based on a flow from our client
77	* to some IP address.
78	* We immediately know one of the peer's client IP addresses from
79	* the flow. We must use this to figure out the peer's IP address
80	* and Id. To be solved.
81	*
82	* (3) We respond to an IKE negotiation.
83	* We immediately know the peer's IP address.
84	* We get an ID Payload in Main I2.
85	*
86	* Unfortunately, this is too late for a number of things:
87	* - the ISAKMP SA proposals have already been made (Main I1)
88	* AND one accepted (Main R1)
89	* - the SA includes a specification of the type of ID
90	* authentication so this is negotiated without being told the ID.
91	* - with Preshared Key authentication, Main I2 is encrypted
92	* using the key, so it cannot be decoded to reveal the ID
93	* without knowing (or guessing) which key to use.
94	*
95	* There are three reasonable choices here for the responder:
96	* + assume that the initiator is making wise offers since it
97	* knows the IDs involved. We can balk later (but not gracefully)
98	* when we find the actual initiator ID
99	* + attempt to infer identity by IP address. Again, we can balk
100	* when the true identity is revealed. Actually, it is enough
101	* to infer properties of the identity (eg. SA properties and
102	* PSK, if needed).
103	* + make all properties universal so discrimination based on
104	* identity isn't required. For example, always accept the same
105	* kinds of encryption. Accept Public Key Id authentication
106	* since the Initiator presumably has our public key and thinks
107	* we must have / can find peers. This approach is weakest
108	* for preshared key since the actual key must be known to
109	* decrypt the Initiator's ID Payload.
110	* These choices can be blended. For example, a class of Identities
111	* can be inferred, sufficient to select a preshared key but not
112	* sufficient to infer a unique identity.
113	*/
114
115	#include <stdio.h>
116	#include <stdlib.h>
117	#include <stddef.h>
118	#include <string.h>
119	#include <unistd.h>
120	#include <errno(*__errno_location ()).h>
121	#include <sys/types.h>
122	#include <sys/socket.h>
123	#include <netinet/in.h>
124	#include <arpa/inet.h>
125
126
127	#include "sysdep.h"
128	#include "constants.h"
129
130	#include "defs.h"
131	#include "ike_spi.h"
132	#include "id.h"
133	#include "x509.h"
134	#include "pluto_x509.h"
135	#include "certs.h"
136	#include "connections.h" /* needs id.h */
137	#include "state.h"
138	#include "ikev1_msgid.h"
139	#include "packet.h"
140	#include "crypto.h"
141	#include "ike_alg.h"
142	#include "log.h"
143	#include "demux.h" /* needs packet.h */
144	#include "ikev1.h"
145	#include "ipsec_doi.h" /* needs demux.h and state.h */
146	#include "ikev1_quick.h"
147	#include "timer.h"
148	#include "whack.h" /* requires connections.h */
149	#include "server.h"
150	#include "send.h"
151	#include "ikev1_send.h"
152	#include "ikev1_xauth.h"
153	#include "retransmit.h"
154	#include "nat_traversal.h"
155	#include "ikev1_nat.h"
156	#include "vendor.h"
157	#include "ikev1_dpd.h"
158	#include "host_pair.h"
159	#include "ip_address.h"
160	#include "ikev1_hash.h"
161	#include "ike_alg_encrypt_ops.h" /* XXX: oops */
162	#include "ikev1_states.h"
163	#include "initiate.h"
164	#include "iface.h"
165	#include "ip_selector.h"
166	#include "unpack.h"
167	#include "pending.h"
168	#include "state_db.h"
169
170	#ifdef HAVE_NM1
171	#include "kernel.h"
172	#endif
173
174	#include "pluto_stats.h"
175
176	/*
177	* state_v1_microcode is a tuple of information parameterizing certain
178	* centralized processing of a packet. For example, it roughly
179	* specifies what payloads are expected in this message. The
180	* microcode is selected primarily based on the state. In Phase 1,
181	* the payload structure often depends on the authentication
182	* technique, so that too plays a part in selecting the
183	* state_v1_microcode to use.
184	*/
185
186	struct state_v1_microcode {
187	enum state_kind state, next_state;
188	lset_t flags;
189	lset_t req_payloads; /* required payloads (allows just one) */
190	lset_t opt_payloads; /* optional payloads (any number) */
191	enum event_type timeout_event;
192	ikev1_state_transition_fn *processor;
193	const char *message;
194	enum v1_hash_type hash_type;
195	};
196
197	void jam_v1_transition(struct jambuf buf, const struct state_v1_microcode transition)
198	{
199	if (transition == NULL((void*)0)) {
200	jam(buf, "NULL");
201	} else {
202	jam(buf, "%s->%s",
203	finite_states[transition->state]->short_name,
204	finite_states[transition->next_state]->short_name);
205	}
206	}
207
208	/* State Microcode Flags, in several groups */
209
210	/* Oakley Auth values: to which auth values does this entry apply?
211	* Most entries will use SMF_ALL_AUTH because they apply to all.
212	* Note: SMF_ALL_AUTH matches 0 for those circumstances when no auth
213	* has been set.
214	*
215	* The IKEv1 state machine then uses the auth type (SMF_*_AUTH flags)
216	* to select the exact state transition. For states where auth
217	* (SMF_*_AUTH flags) don't apply (.e.g, child states)
218	* flags\|=SMF_ALL_AUTH so the first transition always matches.
219	*
220	* Once a transition is selected, the containing payloads are checked
221	* against what is allowed. For instance, in STATE_MAIN_R2 ->
222	* STATE_MAIN_R3 with SMF_DS_AUTH requires P(SIG).
223	*
224	* In IKEv2, it is the message header and payload types that select
225	* the state. As for how the IKEv1 'from state' is selected, look for
226	* a big nasty magic switch.
227	*
228	* XXX: the state transition table is littered with STATE_UNDEFINED /
229	* SMF_ALL_AUTH / unexpected() entries. These are to catch things
230	* like unimplemented auth cases, and unexpected packets. For the
231	* latter, they seem to be place holders so that the table contains at
232	* least one entry for the state.
233	*
234	* XXX: Some of the SMF flags specify attributes of the current state
235	* (e.g., SMF_RETRANSMIT_ON_DUPLICATE), some apply to the state
236	* transition (e.g., SMF_REPLY), and some can be interpreted as either
237	* (.e.g., SMF_INPUT_ENCRYPTED).
238	*/
239	#define SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) LRANGE(0, OAKLEY_AUTH_ROOF - 1)(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)))
240	#define SMF_PSK_AUTH((lset_t)1 << (OAKLEY_PRESHARED_KEY)) LELEM(OAKLEY_PRESHARED_KEY)((lset_t)1 << (OAKLEY_PRESHARED_KEY))
241	#define SMF_DS_AUTH(((lset_t)1 << (OAKLEY_DSS_SIG)) \| ((lset_t)1 << ( OAKLEY_RSA_SIG))) (LELEM(OAKLEY_DSS_SIG)((lset_t)1 << (OAKLEY_DSS_SIG)) \| LELEM(OAKLEY_RSA_SIG)((lset_t)1 << (OAKLEY_RSA_SIG)))
242	#define SMF_PKE_AUTH((lset_t)1 << (OAKLEY_RSA_ENC)) LELEM(OAKLEY_RSA_ENC)((lset_t)1 << (OAKLEY_RSA_ENC))
243	#define SMF_RPKE_AUTH((lset_t)1 << (OAKLEY_RSA_REVISED_MODE)) LELEM(OAKLEY_RSA_REVISED_MODE)((lset_t)1 << (OAKLEY_RSA_REVISED_MODE))
244
245	/* misc flags */
246	#define SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) LELEM(OAKLEY_AUTH_ROOF + 0)((lset_t)1 << (OAKLEY_AUTH_ROOF + 0))
247	#define SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) LELEM(OAKLEY_AUTH_ROOF + 1)((lset_t)1 << (OAKLEY_AUTH_ROOF + 1))
248	#define SMF_INPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) LELEM(OAKLEY_AUTH_ROOF + 2)((lset_t)1 << (OAKLEY_AUTH_ROOF + 2))
249	#define SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)) LELEM(OAKLEY_AUTH_ROOF + 3)((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))
250	#define SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)) LELEM(OAKLEY_AUTH_ROOF + 4)((lset_t)1 << (OAKLEY_AUTH_ROOF + 4))
251
252	#define SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) (SMF_INPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)))
253
254	/* this state generates a reply message */
255	#define SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) LELEM(OAKLEY_AUTH_ROOF + 5)((lset_t)1 << (OAKLEY_AUTH_ROOF + 5))
256
257	/* this state completes P1, so any pending P2 negotiations should start */
258	#define SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)) LELEM(OAKLEY_AUTH_ROOF + 6)((lset_t)1 << (OAKLEY_AUTH_ROOF + 6))
259
260	/* if we have canoncalized the authentication from XAUTH mode */
261	#define SMF_XAUTH_AUTH((lset_t)1 << (OAKLEY_AUTH_ROOF + 7)) LELEM(OAKLEY_AUTH_ROOF + 7)((lset_t)1 << (OAKLEY_AUTH_ROOF + 7))
262
263	/* end of flags */
264
265	static ikev1_state_transition_fn unexpected; /* forward declaration */
266	static ikev1_state_transition_fn informational; /* forward declaration */
267
268	/*
269	* v1_state_microcode_table is a table of all state_v1_microcode
270	* tuples. It must be in order of state (the first element). After
271	* initialization, ike_microcode_index[s] points to the first entry in
272	* v1_state_microcode_table for state s. Remember that each state
273	* name in Main or Quick Mode describes what has happened in the past,
274	* not what this message is.
275	*/
276
277	static const struct state_v1_microcode v1_state_microcode_table[] = {
278
279	#define P(n) LELEM(ISAKMP_NEXT_ ##n)((lset_t)1 << (ISAKMP_NEXT_ ##n))
280	#define FM(F) .processor = F, .message = #F
281
282	/*** Phase 1 Main Mode ***/
283
284	/* No state for main_outI1: --> HDR, SA */
285
286	/* STATE_MAIN_R0: I1 --> R1
287	* HDR, SA --> HDR, SA
288	*/
289	{ STATE_MAIN_R0, STATE_MAIN_R1,
290	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
291	P(SA), P(VID) \| P(CR),
292	EVENT_SA_DISCARD,
293	FM(main_inI1_outR1),
294	.hash_type = V1_HASH_NONE, },
295
296	/* STATE_MAIN_I1: R1 --> I2
297	* HDR, SA --> auth dependent
298	* SMF_PSK_AUTH, SMF_DS_AUTH: --> HDR, KE, Ni
299	* SMF_PKE_AUTH:
300	* --> HDR, KE, [ HASH(1), ] <IDi1_b>PubKey_r, <Ni_b>PubKey_r
301	* SMF_RPKE_AUTH:
302	* --> HDR, [ HASH(1), ] <Ni_b>Pubkey_r, <KE_b>Ke_i, <IDi1_b>Ke_i [,<<Cert-I_b>Ke_i]
303	* Note: since we don't know auth at start, we cannot differentiate
304	* microcode entries based on it.
305	*/
306	{ STATE_MAIN_I1, STATE_MAIN_I2,
307	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
308	P(SA), P(VID) \| P(CR),
309	EVENT_RETRANSMIT,
310	FM(main_inR1_outI2),
311	.hash_type = V1_HASH_NONE, },
312
313	/* STATE_MAIN_R1: I2 --> R2
314	* SMF_PSK_AUTH, SMF_DS_AUTH: HDR, KE, Ni --> HDR, KE, Nr
315	* SMF_PKE_AUTH: HDR, KE, [ HASH(1), ] <IDi1_b>PubKey_r, <Ni_b>PubKey_r
316	* --> HDR, KE, <IDr1_b>PubKey_i, <Nr_b>PubKey_i
317	* SMF_RPKE_AUTH:
318	* HDR, [ HASH(1), ] <Ni_b>Pubkey_r, <KE_b>Ke_i, <IDi1_b>Ke_i [,<<Cert-I_b>Ke_i]
319	* --> HDR, <Nr_b>PubKey_i, <KE_b>Ke_r, <IDr1_b>Ke_r
320	*/
321	{ STATE_MAIN_R1, STATE_MAIN_R2,
322	SMF_PSK_AUTH((lset_t)1 << (OAKLEY_PRESHARED_KEY)) \| SMF_DS_AUTH(((lset_t)1 << (OAKLEY_DSS_SIG)) \| ((lset_t)1 << ( OAKLEY_RSA_SIG))) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) \| SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)),
323	P(KE) \| P(NONCE), P(VID) \| P(CR) \| P(NATD_RFC),
324	EVENT_RETRANSMIT,
325	FM(main_inI2_outR2),
326	.hash_type = V1_HASH_NONE, },
327
328	{ STATE_MAIN_R1, STATE_UNDEFINED,
329	SMF_PKE_AUTH((lset_t)1 << (OAKLEY_RSA_ENC)) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) \| SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)),
330	P(KE) \| P(ID) \| P(NONCE), P(VID) \| P(CR) \| P(HASH),
331	EVENT_RETRANSMIT,
332	FM(unexpected) /* ??? not yet implemented */,
333	.hash_type = V1_HASH_NONE, },
334
335	{ STATE_MAIN_R1, STATE_UNDEFINED,
336	SMF_RPKE_AUTH((lset_t)1 << (OAKLEY_RSA_REVISED_MODE)) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) \| SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)),
337	P(NONCE) \| P(KE) \| P(ID), P(VID) \| P(CR) \| P(HASH) \| P(CERT),
338	EVENT_RETRANSMIT,
339	FM(unexpected) /* ??? not yet implemented */,
340	.hash_type = V1_HASH_NONE, },
341
342	/* for states from here on, output message must be encrypted */
343
344	/* STATE_MAIN_I2: R2 --> I3
345	* SMF_PSK_AUTH: HDR, KE, Nr --> HDR*, IDi1, HASH_I
346	* SMF_DS_AUTH: HDR, KE, Nr --> HDR*, IDi1, [ CERT, ] SIG_I
347	* SMF_PKE_AUTH: HDR, KE, <IDr1_b>PubKey_i, <Nr_b>PubKey_i
348	* --> HDR*, HASH_I
349	* SMF_RPKE_AUTH: HDR, <Nr_b>PubKey_i, <KE_b>Ke_r, <IDr1_b>Ke_r
350	* --> HDR*, HASH_I
351	*/
352	{ STATE_MAIN_I2, STATE_MAIN_I3,
353	SMF_PSK_AUTH((lset_t)1 << (OAKLEY_PRESHARED_KEY)) \| SMF_DS_AUTH(((lset_t)1 << (OAKLEY_DSS_SIG)) \| ((lset_t)1 << ( OAKLEY_RSA_SIG))) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \| SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
354	P(KE) \| P(NONCE), P(VID) \| P(CR) \| P(NATD_RFC),
355	EVENT_RETRANSMIT,
356	FM(main_inR2_outI3),
357	/* calls main_mode_hash() after DH */
358	.hash_type = V1_HASH_NONE, },
359
360	{ STATE_MAIN_I2, STATE_UNDEFINED,
361	SMF_PKE_AUTH((lset_t)1 << (OAKLEY_RSA_ENC)) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \| SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
362	P(KE) \| P(ID) \| P(NONCE), P(VID) \| P(CR),
363	EVENT_RETRANSMIT,
364	FM(unexpected) /* ??? not yet implemented */,
365	.hash_type = V1_HASH_NONE, },
366
367	{ STATE_MAIN_I2, STATE_UNDEFINED,
368	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \| SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
369	P(NONCE) \| P(KE) \| P(ID), P(VID) \| P(CR),
370	EVENT_RETRANSMIT,
371	FM(unexpected) /* ??? not yet implemented */,
372	.hash_type = V1_HASH_NONE, },
373
374	/* for states from here on, input message must be encrypted */
375
376	/* STATE_MAIN_R2: I3 --> R3
377	* SMF_PSK_AUTH: HDR, IDi1, HASH_I --> HDR, IDr1, HASH_R
378	* SMF_DS_AUTH: HDR, IDi1, [ CERT, ] SIG_I --> HDR, IDr1, [ CERT, ] SIG_R
379	* SMF_PKE_AUTH, SMF_RPKE_AUTH: HDR, HASH_I --> HDR, HASH_R
380	*/
381	{ STATE_MAIN_R2, STATE_MAIN_R3,
382	SMF_PSK_AUTH((lset_t)1 << (OAKLEY_PRESHARED_KEY)) \| SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \|
383	SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) \| SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
384	P(ID) \| P(HASH), P(VID) \| P(CR),
385	EVENT_SA_REPLACE,
386	FM(main_inI3_outR3),
387	/* calls oakley_id_and_auth() which calls main_mode_hash() */
388	/* RFC 2409: 5. Exchanges & 5.2 Phase 1 Authenticated With Public Key Encryption
389	HASH_I = prf(SKEYID, g^xi \| g^xr \| CKY-I \| CKY-R \| SAi_b \| IDii_b ) */
390	.hash_type = V1_HASH_NONE, },
391
392	{ STATE_MAIN_R2, STATE_MAIN_R3,
393	SMF_DS_AUTH(((lset_t)1 << (OAKLEY_DSS_SIG)) \| ((lset_t)1 << ( OAKLEY_RSA_SIG))) \| SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \|
394	SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) \| SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
395	P(ID) \| P(SIG), P(VID) \| P(CR) \| P(CERT),
396	EVENT_SA_REPLACE,
397	FM(main_inI3_outR3),
398	/* calls oakley_id_and_auth() which calls main_mode_hash() */
399	/* RFC 2409: 5. Exchanges & 5.1 IKE Phase 1 Authenticated With Signatures
400	HASH_I = prf(SKEYID, g^xi \| g^xr \| CKY-I \| CKY-R \| SAi_b \| IDii_b )
401	SIG_I = SIGN(HASH_I) *",
402	SIG_I = SIGN(HASH_I) */
403	.hash_type = V1_HASH_NONE, },
404
405	{ STATE_MAIN_R2, STATE_UNDEFINED,
406	SMF_PKE_AUTH((lset_t)1 << (OAKLEY_RSA_ENC)) \| SMF_RPKE_AUTH((lset_t)1 << (OAKLEY_RSA_REVISED_MODE)) \| SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) \|
407	SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \|
408	SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) \| SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
409	P(HASH), P(VID) \| P(CR),
410	EVENT_SA_REPLACE,
411	FM(unexpected) /* ??? not yet implemented */,
412	.hash_type = V1_HASH_NONE, },
413
414	/* STATE_MAIN_I3: R3 --> done
415	* SMF_PSK_AUTH: HDR*, IDr1, HASH_R --> done
416	* SMF_DS_AUTH: HDR*, IDr1, [ CERT, ] SIG_R --> done
417	* SMF_PKE_AUTH, SMF_RPKE_AUTH: HDR*, HASH_R --> done
418	* May initiate quick mode by calling quick_outI1
419	*/
420	{ STATE_MAIN_I3, STATE_MAIN_I4,
421	SMF_PSK_AUTH((lset_t)1 << (OAKLEY_PRESHARED_KEY)) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \|
422	SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \| SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
423	P(ID) \| P(HASH), P(VID) \| P(CR),
424	EVENT_SA_REPLACE,
425	FM(main_inR3),
426	/* calls oakley_id_and_auth() which calls main_mode_hash() */
427	/* RFC 2409: 5. Exchanges & 5.2 Phase 1 Authenticated With Public Key Encryption
428	HASH_R = prf(SKEYID, g^xr \| g^xi \| CKY-R \| CKY-I \| SAi_b \| IDir_b ) */
429	.hash_type = V1_HASH_NONE, },
430
431	{ STATE_MAIN_I3, STATE_MAIN_I4,
432	SMF_DS_AUTH(((lset_t)1 << (OAKLEY_DSS_SIG)) \| ((lset_t)1 << ( OAKLEY_RSA_SIG))) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \|
433	SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \| SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
434	P(ID) \| P(SIG), P(VID) \| P(CR) \| P(CERT),
435	EVENT_SA_REPLACE,
436	FM(main_inR3),
437	/* calls oakley_id_and_auth() which calls main_mode_hash() */
438	/* RFC 2409: 5. Exchanges & 5.1 IKE Phase 1 Authenticated With Signatures
439	HASH_R = prf(SKEYID, g^xr \| g^xi \| CKY-R \| CKY-I \| SAi_b \| IDir_b )
440	SIG_R = SIGN(HASH_R) */
441	.hash_type = V1_HASH_NONE, },
442
443	{ STATE_MAIN_I3, STATE_UNDEFINED,
444	SMF_PKE_AUTH((lset_t)1 << (OAKLEY_RSA_ENC)) \| SMF_RPKE_AUTH((lset_t)1 << (OAKLEY_RSA_REVISED_MODE)) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \|
445	SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \| SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
446	P(HASH), P(VID) \| P(CR),
447	EVENT_SA_REPLACE,
448	FM(unexpected) /* ??? not yet implemented */,
449	.hash_type = V1_HASH_NONE, },
450
451	/* STATE_MAIN_R3: can only get here due to packet loss */
452	{ STATE_MAIN_R3, STATE_UNDEFINED,
453	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \| SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)),
454	LEMPTY((lset_t)0), LEMPTY((lset_t)0),
455	EVENT_NULL,
456	FM(unexpected),
457	.hash_type = V1_HASH_NONE, },
458
459	/* STATE_MAIN_I4: can only get here due to packet loss */
460	{ STATE_MAIN_I4, STATE_UNDEFINED,
461	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))),
462	LEMPTY((lset_t)0), LEMPTY((lset_t)0),
463	EVENT_NULL,
464	FM(unexpected),
465	.hash_type = V1_HASH_NONE, },
466
467	/*** Phase 1 Aggressive Mode ***/
468
469	/* No initial state for aggr_outI1:
470	* SMF_DS_AUTH (RFC 2409 5.1) and SMF_PSK_AUTH (RFC 2409 5.4):
471	* -->HDR, SA, KE, Ni, IDii
472	*
473	* Not implemented:
474	* RFC 2409 5.2: --> HDR, SA, [ HASH(1),] KE, <IDii_b>Pubkey_r, <Ni_b>Pubkey_r
475	* RFC 2409 5.3: --> HDR, SA, [ HASH(1),] <Ni_b>Pubkey_r, <KE_b>Ke_i, <IDii_b>Ke_i [, <Cert-I_b>Ke_i ]
476	*/
477
478	/* STATE_AGGR_R0:
479	* SMF_PSK_AUTH: HDR, SA, KE, Ni, IDii
480	* --> HDR, SA, KE, Nr, IDir, HASH_R
481	* SMF_DS_AUTH: HDR, SA, KE, Nr, IDii
482	* --> HDR, SA, KE, Nr, IDir, [CERT,] SIG_R
483	*/
484	{ STATE_AGGR_R0, STATE_AGGR_R1,
485	SMF_PSK_AUTH((lset_t)1 << (OAKLEY_PRESHARED_KEY)) \| SMF_DS_AUTH(((lset_t)1 << (OAKLEY_DSS_SIG)) \| ((lset_t)1 << ( OAKLEY_RSA_SIG))) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
486	P(SA) \| P(KE) \| P(NONCE) \| P(ID), P(VID) \| P(NATD_RFC),
487	EVENT_SA_DISCARD,
488	FM(aggr_inI1_outR1),
489	/* N/A */
490	.hash_type = V1_HASH_NONE, },
491
492	/* STATE_AGGR_I1:
493	* SMF_PSK_AUTH: HDR, SA, KE, Nr, IDir, HASH_R
494	* --> HDR*, HASH_I
495	* SMF_DS_AUTH: HDR, SA, KE, Nr, IDir, [CERT,] SIG_R
496	* --> HDR*, [CERT,] SIG_I
497	*/
498	{ STATE_AGGR_I1, STATE_AGGR_I2,
499	SMF_PSK_AUTH((lset_t)1 << (OAKLEY_PRESHARED_KEY)) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \| SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) \|
500	SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
501	P(SA) \| P(KE) \| P(NONCE) \| P(ID) \| P(HASH), P(VID) \| P(NATD_RFC),
502	EVENT_SA_REPLACE,
503	FM(aggr_inR1_outI2),
504	/* after DH calls oakley_id_and_auth() which calls main_mode_hash() */
505	/* RFC 2409: 5. Exchanges & 5.2 Phase 1 Authenticated With Public Key Encryption
506	HASH_R = prf(SKEYID, g^xr \| g^xi \| CKY-R \| CKY-I \| SAi_b \| IDir_b ) */
507	.hash_type = V1_HASH_NONE, },
508
509	{ STATE_AGGR_I1, STATE_AGGR_I2,
510	SMF_DS_AUTH(((lset_t)1 << (OAKLEY_DSS_SIG)) \| ((lset_t)1 << ( OAKLEY_RSA_SIG))) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \| SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) \|
511	SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
512	P(SA) \| P(KE) \| P(NONCE) \| P(ID) \| P(SIG), P(VID) \| P(NATD_RFC),
513	EVENT_SA_REPLACE,
514	FM(aggr_inR1_outI2),
515	/* after DH calls oakley_id_and_auth() which calls main_mode_hash() */
516	/* RFC 2409: 5. Exchanges & 5.1 IKE Phase 1 Authenticated With Signatures
517	HASH_R = prf(SKEYID, g^xr \| g^xi \| CKY-R \| CKY-I \| SAi_b \| IDir_b )
518	SIG_R = SIGN(HASH_R) */
519	.hash_type = V1_HASH_NONE, },
520
521	/* STATE_AGGR_R1:
522	* SMF_PSK_AUTH: HDR*, HASH_I --> done
523	* SMF_DS_AUTH: HDR*, SIG_I --> done
524	*/
525	{ STATE_AGGR_R1, STATE_AGGR_R2,
526	SMF_PSK_AUTH((lset_t)1 << (OAKLEY_PRESHARED_KEY)) \| SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) \|
527	SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)) \| SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)) \|
528	SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)),
529	P(HASH), P(VID) \| P(NATD_RFC),
530	EVENT_SA_REPLACE,
531	FM(aggr_inI2),
532	/* calls oakley_id_and_auth() which calls main_mode_hash() */
533	/* RFC 2409: 5. Exchanges & 5.2 Phase 1 Authenticated With Public Key Encryption
534	HASH_I = prf(SKEYID, g^xi \| g^xr \| CKY-I \| CKY-R \| SAi_b \| IDii_b ) */
535	.hash_type = V1_HASH_NONE, },
536
537	{ STATE_AGGR_R1, STATE_AGGR_R2,
538	SMF_DS_AUTH(((lset_t)1 << (OAKLEY_DSS_SIG)) \| ((lset_t)1 << ( OAKLEY_RSA_SIG))) \| SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)) \|
539	SMF_OUTPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 3)) \| SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)) \|
540	SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)),
541	P(SIG), P(VID) \| P(NATD_RFC),
542	EVENT_SA_REPLACE,
543	FM(aggr_inI2),
544	/* calls oakley_id_and_auth() which calls main_mode_hash() */
545	/* RFC 2409: 5. Exchanges & 5.1 IKE Phase 1 Authenticated With Signatures
546	HASH_I = prf(SKEYID, g^xi \| g^xr \| CKY-I \| CKY-R \| SAi_b \| IDii_b )
547	SIG_I = SIGN(HASH_I) */
548	.hash_type = V1_HASH_NONE, },
549
550	/* STATE_AGGR_I2: can only get here due to packet loss */
551	{ STATE_AGGR_I2, STATE_UNDEFINED,
552	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \| SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)),
553	LEMPTY((lset_t)0), LEMPTY((lset_t)0), EVENT_NULL,
554	FM(unexpected),
555	.hash_type = V1_HASH_NONE, },
556
557	/* STATE_AGGR_R2: can only get here due to packet loss */
558	{ STATE_AGGR_R2, STATE_UNDEFINED,
559	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))),
560	LEMPTY((lset_t)0), LEMPTY((lset_t)0), EVENT_NULL,
561	FM(unexpected),
562	.hash_type = V1_HASH_NONE, },
563
564	/*** Phase 2 Quick Mode ***/
565
566	/* No state for quick_outI1:
567	* --> HDR*, HASH(1), SA, Nr [, KE ] [, IDci, IDcr ]
568	*/
569
570	/* STATE_QUICK_R0:
571	* HDR*, HASH(1), SA, Ni [, KE ] [, IDci, IDcr ] -->
572	* HDR*, HASH(2), SA, Nr [, KE ] [, IDci, IDcr ]
573	* Installs inbound IPsec SAs.
574	* Because it may suspend for asynchronous DNS, first_out_payload
575	* is set to NONE to suppress early emission of HDR*.
576	* ??? it is legal to have multiple SAs, but we don't support it yet.
577	*/
578	{ STATE_QUICK_R0, STATE_QUICK_R1,
579	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
580	P(HASH) \| P(SA) \| P(NONCE), /* P(SA) \| */ P(KE) \| P(ID) \| P(NATOA_RFC),
581	EVENT_RETRANSMIT,
582	FM(quick_inI1_outR1),
583	/* RFC 2409: 5.5 Phase 2 - Quick Mode:
584	HASH(1) = prf(SKEYID_a, M-ID \| <rest>) */
585	.hash_type = V1_HASH_1, },
586
587	/* STATE_QUICK_I1:
588	* HDR*, HASH(2), SA, Nr [, KE ] [, IDci, IDcr ] -->
589	* HDR*, HASH(3)
590	* Installs inbound and outbound IPsec SAs, routing, etc.
591	* ??? it is legal to have multiple SAs, but we don't support it yet.
592	*/
593	{ STATE_QUICK_I1, STATE_QUICK_I2,
594	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
595	P(HASH) \| P(SA) \| P(NONCE), /* P(SA) \| */ P(KE) \| P(ID) \| P(NATOA_RFC),
596	EVENT_SA_REPLACE,
597	FM(quick_inR1_outI2),
598	/* RFC 2409: 5.5 Phase 2 - Quick Mode:
599	HASH(2) = prf(SKEYID_a, M-ID \| Ni_b \| <rest>) */
600	.hash_type = V1_HASH_2, },
601
602	/* STATE_QUICK_R1: HDR*, HASH(3) --> done
603	* Installs outbound IPsec SAs, routing, etc.
604	*/
605	{ STATE_QUICK_R1, STATE_QUICK_R2,
606	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))),
607	P(HASH), LEMPTY((lset_t)0),
608	EVENT_SA_REPLACE,
609	FM(quick_inI2),
610	/* RFC 2409: 5.5 Phase 2 - Quick Mode:
611	HASH(3) = prf(SKEYID_a, 0 \| M-ID \| Ni_b \| Nr_b) */
612	.hash_type = V1_HASH_3, },
613
614	/* STATE_QUICK_I2: can only happen due to lost packet */
615	{ STATE_QUICK_I2, STATE_UNDEFINED,
616	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0)) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \|
617	SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)),
618	LEMPTY((lset_t)0), LEMPTY((lset_t)0),
619	EVENT_NULL,
620	FM(unexpected),
621	.hash_type = V1_HASH_NONE, },
622
623	/* STATE_QUICK_R2: can only happen due to lost packet */
624	{ STATE_QUICK_R2, STATE_UNDEFINED,
625	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))),
626	LEMPTY((lset_t)0), LEMPTY((lset_t)0),
627	EVENT_NULL,
628	FM(unexpected),
629	.hash_type = V1_HASH_NONE, },
630
631	/*** informational messages ***/
632
633	/* Informational Exchange (RFC 2408 4.8):
634	* HDR N/D
635	* Unencrypted: must not occur after ISAKMP Phase 1 exchange of keying material.
636	*/
637	/* STATE_INFO: */
638	{ STATE_INFO, STATE_UNDEFINED,
639	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))),
640	LEMPTY((lset_t)0), LEMPTY((lset_t)0),
641	EVENT_NULL,
642	FM(informational),
643	.hash_type = V1_HASH_NONE, },
644
645	/* Informational Exchange (RFC 2408 4.8):
646	* HDR* N/D
647	*/
648	/* STATE_INFO_PROTECTED: */
649	{ STATE_INFO_PROTECTED, STATE_UNDEFINED,
650	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))),
651	P(HASH), LEMPTY((lset_t)0),
652	EVENT_NULL,
653	FM(informational),
654	/* RFC 2409: 5.7 ISAKMP Informational Exchanges:
655	HASH(1) = prf(SKEYID_a, M-ID \| N/D) */
656	.hash_type = V1_HASH_1, },
657
658	{ STATE_XAUTH_R0, STATE_XAUTH_R1,
659	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))),
660	P(MCFG_ATTR) \| P(HASH), P(VID),
661	EVENT_NULL,
662	FM(xauth_inR0),
663	/* RFC ????: */
664	.hash_type = V1_HASH_1, }, /* Re-transmit may be done by previous state */
665
666	{ STATE_XAUTH_R1, STATE_MAIN_R3,
667	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))),
668	P(MCFG_ATTR) \| P(HASH), P(VID),
669	EVENT_SA_REPLACE,
670	FM(xauth_inR1),
671	/* RFC ????: */
672	.hash_type = V1_HASH_1, },
673
674	#if 0
675	/* for situation where there is XAUTH + ModeCFG */
676	{ STATE_XAUTH_R2, STATE_XAUTH_R3,
677	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))),
678	P(MCFG_ATTR) \| P(HASH), P(VID),
679	EVENT_SA_REPLACE,
680	FM(xauth_inR2), },
681
682	{ STATE_XAUTH_R3, STATE_MAIN_R3,
683	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))),
684	P(MCFG_ATTR) \| P(HASH), P(VID),
685	EVENT_SA_REPLACE,
686	FM(xauth_inR3), },
687	#endif
688
689	/* MODE_CFG_x:
690	* Case R0: Responder -> Initiator
691	* <- Req(addr=0)
692	* Reply(ad=x) ->
693	*
694	* Case R1: Set(addr=x) ->
695	* <- Ack(ok)
696	*/
697
698	{ STATE_MODE_CFG_R0, STATE_MODE_CFG_R1,
699	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)),
700	P(MCFG_ATTR) \| P(HASH), P(VID),
701	EVENT_SA_REPLACE,
702	FM(modecfg_inR0),
703	/* RFC ????: */
704	.hash_type = V1_HASH_1, },
705
706	{ STATE_MODE_CFG_R1, STATE_MODE_CFG_R2,
707	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))),
708	P(MCFG_ATTR) \| P(HASH), P(VID),
709	EVENT_SA_REPLACE,
710	FM(modecfg_inR1),
711	/* RFC ????: */
712	.hash_type = V1_HASH_1, },
713
714	{ STATE_MODE_CFG_R2, STATE_UNDEFINED,
715	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))),
716	LEMPTY((lset_t)0), LEMPTY((lset_t)0),
717	EVENT_NULL,
718	FM(unexpected),
719	.hash_type = V1_HASH_NONE, },
720
721	{ STATE_MODE_CFG_I1, STATE_MAIN_I4,
722	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \| SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
723	P(MCFG_ATTR) \| P(HASH), P(VID),
724	EVENT_SA_REPLACE,
725	FM(modecfg_inR1),
726	/* RFC ????: */
727	.hash_type = V1_HASH_1, },
728
729	{ STATE_XAUTH_I0, STATE_XAUTH_I1,
730	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) \| SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
731	P(MCFG_ATTR) \| P(HASH), P(VID),
732	EVENT_RETRANSMIT,
733	FM(xauth_inI0),
734	/* RFC ????: */
735	.hash_type = V1_HASH_1, },
736
737	{ STATE_XAUTH_I1, STATE_MAIN_I4,
738	SMF_ALL_AUTH(((lset_t)1 << (OAKLEY_AUTH_ROOF - 1)) - ((lset_t)1 << (0)) + ((lset_t)1 << (OAKLEY_AUTH_ROOF - 1))) \| SMF_ENCRYPTED(((lset_t)1 << (OAKLEY_AUTH_ROOF + 2)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 3))) \| SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5)) \| SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6)),
739	P(MCFG_ATTR) \| P(HASH), P(VID),
740	EVENT_RETRANSMIT,
741	FM(xauth_inI1),
742	/* RFC ????: */
743	.hash_type = V1_HASH_1, },
744
745	{ STATE_IKEv1_ROOF, STATE_IKEv1_ROOF,
746	LEMPTY((lset_t)0),
747	LEMPTY((lset_t)0), LEMPTY((lset_t)0),
748	EVENT_NULL, NULL((void*)0),
749	.hash_type = V1_HASH_NONE, },
750
751	#undef FM
752	#undef P
753	};
754
755	void init_ikev1(struct logger *logger)
756	{
757	dbg("checking IKEv1 state table"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("checking IKEv1 state table"); } };
758
759	/*
760	* Fill in FINITE_STATES[].
761	*
762	* This is a hack until each finite-state is a separate object
763	* with corresponding edges (aka microcodes).
764	*
765	* XXX: Long term goal is to have a constant FINITE_STATES[]
766	* contain constant pointers and this static writeable array
767	* to just go away.
768	*/
769	for (enum state_kind kind = STATE_IKEv1_FLOOR; kind < STATE_IKEv1_ROOF; kind++) {
770	/* fill in using static struct */
771	const struct finite_state *fs = &v1_states[kind - STATE_IKEv1_FLOOR];
772	passert(fs->kind == kind)({ _Bool assertion__ = fs->kind == kind; if (!assertion__) { where_t here = ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 772, } ; &here; }); const struct logger *logger_ = &failsafe_logger ; llog_passert(logger_, here, "%s", "fs->kind == kind"); } (void) 1; });
773	passert(finite_states[kind] == NULL)({ _Bool assertion__ = finite_states[kind] == ((void)0); if ( !assertion__) { where_t here = ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 773, }; &here; }); const struct logger logger_ = & failsafe_logger; llog_passert(logger_, here, "%s", "finite_states[kind] == ((void*)0)" ); } (void) 1; });
774	finite_states[kind] = fs;
775	}
776
777	/*
778	* Go through the state transition table filling in details
779	* and checking for inconsistencies.
780	*/
781	for (const struct state_v1_microcode *t = v1_state_microcode_table;
782	t->state < STATE_IKEv1_ROOF; t++) {
783
784	passert(t->state >= STATE_IKEv1_FLOOR)({ _Bool assertion__ = t->state >= STATE_IKEv1_FLOOR; if (!assertion__) { where_t here = ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 784, }; &here; }); const struct logger *logger_ = &failsafe_logger; llog_passert(logger_, here, "%s", "t->state >= STATE_IKEv1_FLOOR" ); } (void) 1; });
785	passert(t->state < STATE_IKEv1_ROOF)({ _Bool assertion__ = t->state < STATE_IKEv1_ROOF; if ( !assertion__) { where_t here = ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 785, }; &here; }); const struct logger *logger_ = & failsafe_logger; llog_passert(logger_, here, "%s", "t->state < STATE_IKEv1_ROOF" ); } (void) 1; });
786	struct finite_state *from = &v1_states[t->state - STATE_IKEv1_FLOOR];
787
788	/*
789	* Deal with next_state == STATE_UNDEFINED.
790	*
791	* XXX: STATE_UNDEFINED is used when a state
792	* transitions back to the same state; such
793	* transitions should instead explicitly specify that
794	* same state.
795	*/
796	enum state_kind next_state = (t->next_state == STATE_UNDEFINED ?
797	t->state : t->next_state);
798	passert(STATE_IKEv1_FLOOR <= next_state &&({ _Bool assertion__ = STATE_IKEv1_FLOOR <= next_state && next_state < STATE_IKEv1_ROOF; if (!assertion__) { where_t here = ({ static const struct where here = { .func = __func__ , .file = "programs/pluto/ikev1.c", .line = 799, }; &here ; }); const struct logger *logger_ = &failsafe_logger; llog_passert (logger_, here, "%s", "STATE_IKEv1_FLOOR <= next_state && next_state < STATE_IKEv1_ROOF" ); } (void) 1; })
799	next_state < STATE_IKEv1_ROOF)({ _Bool assertion__ = STATE_IKEv1_FLOOR <= next_state && next_state < STATE_IKEv1_ROOF; if (!assertion__) { where_t here = ({ static const struct where here = { .func = __func__ , .file = "programs/pluto/ikev1.c", .line = 799, }; &here ; }); const struct logger *logger_ = &failsafe_logger; llog_passert (logger_, here, "%s", "STATE_IKEv1_FLOOR <= next_state && next_state < STATE_IKEv1_ROOF" ); } (void) 1; });
800	const struct finite_state *to = finite_states[next_state];
801	passert(to != NULL)({ _Bool assertion__ = to != ((void)0); if (!assertion__) { where_t here = ({ static const struct where here = { .func = __func__ , .file = "programs/pluto/ikev1.c", .line = 801, }; &here ; }); const struct logger logger_ = &failsafe_logger; llog_passert (logger_, here, "%s", "to != ((void*)0)"); } (void) 1; });
802
803	if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
804	if (from->nr_transitions == 0) {
805	LSWLOG_DEBUG(buf)for (char lswbuf[((size_t)1024)], lswbuf_ = lswbuf; lswbuf_ != ((void)0); lswbuf_ = ((void)0)) for (struct jambuf jambuf = array_as_jambuf((lswbuf), sizeof(lswbuf)), buf = &jambuf ; buf != ((void)0); buf = ((void)0)) for (; buf != ((void) 0); jambuf_to_logger(buf, &failsafe_logger, DEBUG_STREAM) , buf = ((void)0)) {
806	jam_string(buf, " ");
807	lswlog_finite_state(buf, from);
808	jam_string(buf, ":");
809	}
810	}
811	DBG_log(" -> %s %s (%s)", to->short_name,
812	enum_name_short(&event_type_names,
813	t->timeout_event),
814	t->message);
815	}
816
817	/*
818	* Point .fs_v1_transitions at to the first entry in
819	* v1_state_microcode_table for that state. All other
820	* transitions for that state should follow
821	* immediately after (or to put it another way, the
822	* previous transition's state should be the same as
823	* this).
824	*/
825	if (from->v1_transitions == NULL((void*)0)) {
826	from->v1_transitions = t;
827	} else {
828	passert(t[-1].state == t->state)({ _Bool assertion__ = t[-1].state == t->state; if (!assertion__ ) { where_t here = ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 828, } ; &here; }); const struct logger *logger_ = &failsafe_logger ; llog_passert(logger_, here, "%s", "t[-1].state == t->state" ); } (void) 1; });
829	}
830	from->nr_transitions++;
831
832	if (t->message == NULL((void*)0)) {
833	pexpect_failllog_pexpect(logger, HERE({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 833, }; &here; }), "transition %s -> %s missing .message",
834	from->short_name, to->short_name);
835	}
836
837	/*
838	* Copy (actually merge) the flags that apply to the
839	* state; and not the state transition.
840	*
841	* The original code used something like state
842	* .microcode .flags after the state transition had
843	* completed. I.e., use the flags from a
844	* not-yet-taken potential future state transition and
845	* not the previous one.
846	*
847	* This is just trying to extract them and
848	* check they are consistent.
849	*
850	* XXX: this is confusing
851	*
852	* Should fs_flags and SMF_RETRANSMIT_ON_DUPLICATE
853	* should be replaced by SMF_RESPONDING in the
854	* transition flags?
855	*
856	* Or is this more like .fs_timeout_event which is
857	* always true of a state?
858	*/
859	if ((t->flags & from->flags) != from->flags) {
860	DBGF(DBG_BASE, "transition %s -> %s (%s) missing flags 0x%"PRIxLSET,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("transition %s -> %s (%s) missing flags 0x%" "l" "x", from->short_name, to->short_name, t->message , from->flags); } }
861	from->short_name, to->short_name,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("transition %s -> %s (%s) missing flags 0x%" "l" "x", from->short_name, to->short_name, t->message , from->flags); } }
862	t->message, from->flags){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("transition %s -> %s (%s) missing flags 0x%" "l" "x", from->short_name, to->short_name, t->message , from->flags); } };
863	}
864	from->flags \|= t->flags & SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4));
865
866	if (!(t->flags & SMF_FIRST_ENCRYPTED_INPUT((lset_t)1 << (OAKLEY_AUTH_ROOF + 1))) &&
867	(t->flags & SMF_INPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 2))) &&
868	t->processor != unexpected) {
869	/*
870	* The first encrypted message carries
871	* authentication information so isn't
872	* applicable. Other encrypted messages
873	* require integrity via the HASH payload.
874	*/
875	if (!(t->req_payloads & LELEM(ISAKMP_NEXT_HASH)((lset_t)1 << (ISAKMP_NEXT_HASH)))) {
876	pexpect_failllog_pexpect(logger, HERE({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 876, }; &here; }),
877	"transition %s -> %s (%s) missing HASH payload",
878	from->short_name, to->short_name,
879	t->message);
880	}
881	if (t->hash_type == V1_HASH_NONE) {
882	pexpect_failllog_pexpect(logger, HERE({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 882, }; &here; }),
883	"transition %s -> %s (%s) missing HASH protection",
884	from->short_name, to->short_name,
885	t->message);
886	}
887	}
888	}
889	}
890
891	static stf_status unexpected(struct state st, struct msg_digest md UNUSED__attribute__ ((unused)))
892	{
893	log_state(RC_LOG_SERIOUS, st, "unexpected message received in state %s",
894	st->st_state->name);
895	return STF_IGNORE;
896	}
897
898	/*
899	* RFC 2408 Section 4.6
900	*
901	* # Initiator Direction Responder NOTE
902	* (1) HDR*; N/D => Error Notification or Deletion
903	*/
904	static stf_status informational(struct state st, struct msg_digest md)
905	{
906	/*
907	* XXX: Danger: ST is deleted midway through this function.
908	*/
909	pexpect(st == md->v1_st)({ _Bool assertion__ = st == md->v1_st; if (!assertion__) { where_t here_ = ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 909, }; & here; }); const struct logger *logger_ = &failsafe_logger ; llog_pexpect(logger_, here_, "%s", "st == md->v1_st"); } assertion__; });
910	st = md->v1_st; /* may be NULL */
911
912	struct payload_digest *const n_pld = md->chain[ISAKMP_NEXT_N];
913
914	/* If the Notification Payload is not null... */
915	if (n_pld != NULL((void*)0)) {
916	pb_stream *const n_pbs = &n_pld->pbs;
917	struct isakmp_notification *const n =
918	&n_pld->payload.notification;
919
920	/* Switch on Notification Type (enum) */
921	/* note that we _can_ get notification payloads unencrypted
922	* once we are at least in R3/I4.
923	* and that the handler is expected to treat them suspiciously.
924	*/
925	dbg("processing informational %s (%d)",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("processing informational %s (%d)", enum_name( &ikev1_notify_names, n->isan_type), n->isan_type); } }
926	enum_name(&ikev1_notify_names, n->isan_type),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("processing informational %s (%d)", enum_name( &ikev1_notify_names, n->isan_type), n->isan_type); } }
927	n->isan_type){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("processing informational %s (%d)", enum_name( &ikev1_notify_names, n->isan_type), n->isan_type); } };
928
929	pstats(ikev1_recv_notifies_e, n->isan_type){ const unsigned __pstat = (n->isan_type); if (__pstat < (sizeof(pstats_ikev1_recv_notifies_e) / sizeof(*(pstats_ikev1_recv_notifies_e )))) { pstats_ikev1_recv_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_recv_notifies_e", __pstat); } };
930
931	switch (n->isan_type) {
932	/*
933	* We answer DPD probes even if they claimed not to support
934	* Dead Peer Detection.
935	* We would have to send some kind of reply anyway to prevent
936	* a retransmit, so rather then send an error, we might as
937	* well just send a DPD reply
938	*/
939	case R_U_THERE:
940	if (st == NULL((void*)0)) {
941	llog(RC_LOG, md->md_logger,
942	"received bogus R_U_THERE informational message");
943	return STF_IGNORE;
944	}
945	return dpd_inI_outR(st, n, n_pbs);
946
947	case R_U_THERE_ACK:
948	if (st == NULL((void*)0)) {
949	llog(RC_LOG, md->md_logger,
950	"received bogus R_U_THERE_ACK informational message");
951	return STF_IGNORE;
952	}
953	return dpd_inR(st, n, n_pbs);
954
955	case PAYLOAD_MALFORMED:
956	if (st != NULL((void*)0)) {
957	st->hidden_variables.st_malformed_received++;
958
959	log_state(RC_LOG, st, "received %u malformed payload notifies",
960	st->hidden_variables.st_malformed_received);
961
962	if (st->hidden_variables.st_malformed_sent >
963	MAXIMUM_MALFORMED_NOTIFY16 / 2 &&
964	((st->hidden_variables.st_malformed_sent +
965	st->hidden_variables.
966	st_malformed_received) >
967	MAXIMUM_MALFORMED_NOTIFY16)) {
968	log_state(RC_LOG, st, "too many malformed payloads (we sent %u and received %u",
969	st->hidden_variables.st_malformed_sent,
970	st->hidden_variables.st_malformed_received);
971	delete_state(st);
972	md->v1_st = st = NULL((void*)0);
973	}
974	}
975
976	return STF_IGNORE;
977
978	case ISAKMP_N_CISCO_LOAD_BALANCE:
979	/*
980	* ??? what the heck is in the payload?
981	* We take the peer's new IP address from the last 4 octets.
982	* Is anything else possible? Expected? Documented?
983	*/
984	if (st == NULL((void*)0) \|\| !IS_V1_ISAKMP_SA_ESTABLISHED(st)((((lset_t)1 << ((st)->st_state->kind)) & ((( lset_t)1 << (STATE_MAIN_R3)) \| ((lset_t)1 << (STATE_MAIN_I4 )) \| ((lset_t)1 << (STATE_AGGR_I2)) \| ((lset_t)1 << (STATE_AGGR_R2)) \| ((lset_t)1 << (STATE_XAUTH_R0)) \| ( (lset_t)1 << (STATE_XAUTH_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R0 )) \| ((lset_t)1 << (STATE_MODE_CFG_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R2)) \| ((lset_t)1 << (STATE_MODE_CFG_I1 )) \| ((lset_t)1 << (STATE_XAUTH_I0)) \| ((lset_t)1 << (STATE_XAUTH_I1)))) != ((lset_t)0))) {
985	llog(RC_LOG, md->md_logger,
986	"ignoring ISAKMP_N_CISCO_LOAD_BALANCE Informational Message with for unestablished state.");
987	} else if (pbs_left(n_pbs)((size_t)((n_pbs)->roof - (n_pbs)->cur)) < 4) {
988	log_state(RC_LOG_SERIOUS, st,
989	"ignoring ISAKMP_N_CISCO_LOAD_BALANCE Informational Message without IPv4 address");
990	} else {
991	/*
992	* Copy (not cast) the last 4 bytes
993	* (size of an IPv4) address from the
994	* end of the notification into IN
995	* (can't cast as can't assume that
996	* ->roof-4 is correctly aligned).
997	*/
998	struct in_addr in;
999	memcpy(&in, n_pbs->roof - sizeof(in), sizeof(in));
1000	ip_address new_peer = address_from_in_addr(&in);
1001
1002	/* is all zeros? */
1003	if (address_is_any(new_peer)) {
1004	ipstr_buf b;
1005
1006	log_state(RC_LOG_SERIOUS, st,
1007	"ignoring ISAKMP_N_CISCO_LOAD_BALANCE Informational Message with invalid IPv4 address %s",
1008	ipstr(&new_peer, &b));
1009	return false0; /* XXX: STF_? /
1010	}
1011
1012	/* Saving connection name and whack sock id */
1013	const char *tmp_name = st->st_connection->name;
1014	struct fd *tmp_whack_sock = fd_dup(st->st_logger->object_whackfd, HERE({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 1014, }; &here; }));
1015
1016	/* deleting ISAKMP SA with the current remote peer */
1017	delete_state(st);
1018	md->v1_st = st = NULL((void*)0);
1019
1020	/* to find and store the connection associated with tmp_name */
1021	/* ??? how do we know that tmp_name hasn't been freed? */
1022	struct connection tmp_c = conn_by_name(tmp_name, false0/!strict*/);
1023
1024	if (tmp_c == NULL((void*)0))
1025	return STF_IGNORE;
1026
1027	if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
1028	address_buf npb;
1029	DBG_log("new peer address: %s",
1030	str_address(&new_peer, &npb));
1031
1032	/* Current remote peer info */
1033	int count_spd = 1;
1034	for (const struct spd_route *tmp_spd = &tmp_c->spd;
1035	tmp_spd != NULL((void*)0); tmp_spd = tmp_spd->spd_next) {
1036	address_buf b;
1037
1038	DBG_log("spd route number: %d",
1039	count_spd++);
1040
1041	/that info/
1042	DBG_log("that id kind: %d",
1043	tmp_spd->that.id.kind);
1044	DBG_log("that id ipaddr: %s",
1045	str_address(&tmp_spd->that.id.ip_addr, &b));
1046	if (tmp_spd->that.id.name.ptr != NULL((void*)0)) {
1047	DBG_dump_hunk("that id name",{ typeof(tmp_spd->that.id. name) hunk_ = tmp_spd->that. id. name; DBG_dump("that id name", hunk_.ptr, hunk_.len); }
1048	tmp_spd->that.id. name){ typeof(tmp_spd->that.id. name) hunk_ = tmp_spd->that. id. name; DBG_dump("that id name", hunk_.ptr, hunk_.len); };
1049	}
1050	DBG_log("that host_addr: %s",
1051	str_address(&tmp_spd->that.host_addr, &b));
1052	DBG_log("that nexthop: %s",
1053	str_address(&tmp_spd->that.host_nexthop, &b));
1054	DBG_log("that srcip: %s",
1055	str_address(&tmp_spd->that.host_srcip, &b));
1056	selector_buf sb;
1057	DBG_log("that client: %s",
1058	str_selector(&tmp_spd->that.client, &sb));
1059	DBG_log("that has_client: %d",
1060	tmp_spd->that.has_client);
1061	DBG_log("that has_port_wildcard: %d",
1062	tmp_spd->that.has_port_wildcard);
1063	DBG_log("that has_id_wildcards: %d",
1064	tmp_spd->that.has_id_wildcards);
1065	}
1066
1067	if (tmp_c->interface != NULL((void*)0)) {
1068	endpoint_buf b;
1069	DBG_log("Current interface_addr: %s",
1070	str_endpoint(&tmp_c->interface->local_endpoint, &b));
1071	}
1072	}
1073
1074	/* save peer's old address for comparison purposes */
1075	ip_address old_addr = tmp_c->spd.that.host_addr;
1076
1077	/* update peer's address */
1078	tmp_c->spd.that.host_addr = new_peer;
1079
1080	/* Modifying connection info to store the redirected remote peer info */
1081	dbg("Old host_addr_name : %s", tmp_c->spd.that.host_addr_name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Old host_addr_name : %s", tmp_c->spd.that. host_addr_name); } };
1082	tmp_c->spd.that.host_addr_name = NULL((void*)0);
1083
1084	/* ??? do we know the id.kind has an ip_addr? */
1085	tmp_c->spd.that.id.ip_addr = new_peer;
1086
1087	/* update things that were the old peer */
1088	if (address_eq_address(tmp_c->spd.this.host_nexthop, old_addr)) {
1089	address_buf ob, nb;
1090	dbg("local next hop %s is the same as the old remote addr, changing local next hop to %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("local next hop %s is the same as the old remote addr, changing local next hop to %s" , str_address(&old_addr, &ob), str_address(&new_peer , &nb)); } }
1091	str_address(&old_addr, &ob),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("local next hop %s is the same as the old remote addr, changing local next hop to %s" , str_address(&old_addr, &ob), str_address(&new_peer , &nb)); } }
1092	str_address(&new_peer, &nb)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("local next hop %s is the same as the old remote addr, changing local next hop to %s" , str_address(&old_addr, &ob), str_address(&new_peer , &nb)); } };
1093	tmp_c->spd.this.host_nexthop = new_peer;
1094	}
1095
1096	if (address_eq_address(tmp_c->spd.that.host_srcip, old_addr)) {
1097	address_buf ob, nb;
1098	dbg("remote host's srcip %s is the same as the old remote addr, changing remote host's srcip to %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("remote host's srcip %s is the same as the old remote addr, changing remote host's srcip to %s" , str_address(&old_addr, &ob), str_address(&new_peer , &nb)); } }
1099	str_address(&old_addr, &ob),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("remote host's srcip %s is the same as the old remote addr, changing remote host's srcip to %s" , str_address(&old_addr, &ob), str_address(&new_peer , &nb)); } }
1100	str_address(&new_peer, &nb)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("remote host's srcip %s is the same as the old remote addr, changing remote host's srcip to %s" , str_address(&old_addr, &ob), str_address(&new_peer , &nb)); } };
1101	tmp_c->spd.that.host_srcip = new_peer;
1102	}
1103
1104	/*
1105	* XXX: should this also check that
1106	* the client is a single address?
1107	*/
1108	ip_address client_prefix = selector_prefix(tmp_c->spd.that.client);
1109	if (address_eq_address(client_prefix, old_addr)) {
1110	address_buf ob, nb;
1111	dbg("old remote client's ip %s is the same as the old remote address, changing remote client ip to %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("old remote client's ip %s is the same as the old remote address, changing remote client ip to %s" , str_address(&old_addr, &ob), str_address(&new_peer , &nb)); } }
1112	str_address(&old_addr, &ob),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("old remote client's ip %s is the same as the old remote address, changing remote client ip to %s" , str_address(&old_addr, &ob), str_address(&new_peer , &nb)); } }
1113	str_address(&new_peer, &nb)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("old remote client's ip %s is the same as the old remote address, changing remote client ip to %s" , str_address(&old_addr, &ob), str_address(&new_peer , &nb)); } };
1114	tmp_c->spd.that.client = selector_from_address(new_peer);
1115	}
1116
1117	/*
1118	* ??? is this wise? This may changes
1119	* a lot of other connections.
1120	*/
1121	tmp_c->host_pair->remote = new_peer;
1122
1123	/* Initiating connection to the redirected peer */
1124	struct logger logger[] = { GLOBAL_LOGGER(tmp_whack_sock)(struct logger) { .where = ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 1124, }; &here; }), .global_whackfd = tmp_whack_sock, .object = ((void)0), .object_vec = &logger_global_vec, }, }; /placeholder*/
1125	initiate_connections_by_name(tmp_name, /remote-name/NULL((void*)0),
1126	/background?/tmp_whack_sock == NULL((void)0)/guess*/,
1127	logger);
1128	close_any(&tmp_whack_sock)close_any_fd((&tmp_whack_sock), ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 1128, }; &here; }));
1129	}
1130	return STF_IGNORE;
1131	default:
1132	{
1133	struct logger logger = st != NULL((void)0) ? st->st_logger :
1134	md->md_logger;
1135	llog(RC_LOG_SERIOUS, logger,
1136	"received and ignored notification payload: %s",
1137	enum_name(&ikev1_notify_names, n->isan_type));
1138	return STF_IGNORE;
1139	}
1140	}
1141	} else {
1142	/* warn if we didn't find any Delete or Notify payload in packet */
1143	if (md->chain[ISAKMP_NEXT_D] == NULL((void*)0)) {
1144	const struct logger logger = (st != NULL((void)0) ? st->st_logger :
1145	md != NULL((void*)0) ? md->md_logger :
1146	&failsafe_logger);
1147	llog(RC_LOG_SERIOUS, logger,
1148	"received and ignored empty informational notification payload");
1149	}
1150	return STF_IGNORE;
1151	}
1152	}
1153
1154	/*
1155	* create output HDR as replica of input HDR - IKEv1 only; return the body
1156	*/
1157	void ikev1_init_pbs_out_from_md_hdr(struct msg_digest *md, bool_Bool enc,
1158	struct pbs_outpacket_byte_stream output_stream, uint8_t output_buffer,
1159	size_t sizeof_output_buffer,
1160	struct pbs_outpacket_byte_stream *rbody,
1161	struct logger *logger)
1162	{
1163	struct isakmp_hdr hdr = md->hdr; /* mostly same as incoming header */
1164
1165	/* make sure we start with a clean buffer */
1166	*output_stream = open_pbs_out("reply packet", output_buffer, sizeof_output_buffer, logger);
1167
1168	hdr.isa_flags = 0; /* zero all flags */
1169	if (enc)
1170	hdr.isa_flags \|= ISAKMP_FLAGS_v1_ENCRYPTION(1<<ISAKMP_FLAGS_v1_ENCRYPTION_IX);
1171
1172	if (impair.send_bogus_isakmp_flag) {
1173	hdr.isa_flags \|= ISAKMP_FLAGS_RESERVED_BIT6(1<<ISAKMP_FLAGS_RESERVED_BIT6_IX);
1174	}
1175
1176	/* there is only one IKEv1 version, and no new one will ever come - no need to set version */
1177	hdr.isa_np = 0;
1178	/* surely must have room and be well-formed */
1179	passert(out_struct(&hdr, &isakmp_hdr_desc, output_stream, rbody))({ _Bool assertion__ = out_struct(&hdr, &isakmp_hdr_desc , output_stream, rbody); if (!assertion__) { where_t here = ( { static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 1179, }; &here; }); const struct logger *logger_ = &failsafe_logger; llog_passert( logger_, here, "%s", "out_struct(&hdr, &isakmp_hdr_desc, output_stream, rbody)" ); } (void) 1; });
1180	}
1181
1182	/*
1183	* Recognise and, if necesssary, respond to an IKEv1 duplicate.
1184	*
1185	* Use .st_state, which is the true current state, and not MD
1186	* .FROM_STATE (which is derived from some convoluted magic) when
1187	* determining if the duplicate should or should not get a response.
1188	*/
1189	static bool_Bool ikev1_duplicate(struct state st, struct msg_digest md)
1190	{
1191	passert(st != NULL)({ _Bool assertion__ = st != ((void)0); if (!assertion__) { where_t here = ({ static const struct where here = { .func = __func__ , .file = "programs/pluto/ikev1.c", .line = 1191, }; &here ; }); const struct logger logger_ = &failsafe_logger; llog_passert (logger_, here, "%s", "st != ((void*)0)"); } (void) 1; });
1192	if (st->st_v1_rpacket.ptr != NULL((void*)0) &&
1193	st->st_v1_rpacket.len == pbs_room(&md->packet_pbs)((size_t)((&md->packet_pbs)->roof - (&md->packet_pbs )->start)) &&
1194	memeq(st->st_v1_rpacket.ptr, md->packet_pbs.start,(memcmp((st->st_v1_rpacket.ptr), (md->packet_pbs.start) , (st->st_v1_rpacket.len)) == 0)
1195	st->st_v1_rpacket.len)(memcmp((st->st_v1_rpacket.ptr), (md->packet_pbs.start) , (st->st_v1_rpacket.len)) == 0)) {
1196	/*
1197	* Duplicate. Drop or retransmit?
1198	*
1199	* Only re-transmit when the last state transition
1200	* (triggered by this packet the first time) included
1201	* a reply.
1202	*
1203	* XXX: is SMF_RETRANSMIT_ON_DUPLICATE useful or
1204	* correct?
1205	*/
1206	bool_Bool replied = (st->st_v1_last_transition != NULL((void*)0) &&
1207	(st->st_v1_last_transition->flags & SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5))));
1208	bool_Bool retransmit_on_duplicate =
1209	(st->st_state->flags & SMF_RETRANSMIT_ON_DUPLICATE((lset_t)1 << (OAKLEY_AUTH_ROOF + 4)));
1210	if (replied && retransmit_on_duplicate) {
1211	/*
1212	* Transitions with EVENT_SA_DISCARD should
1213	* always respond to re-transmits (why?); else
1214	* cap.
1215	*/
1216	if (st->st_v1_last_transition->timeout_event == EVENT_SA_DISCARD \|\|
1217	count_duplicate(st, MAXIMUM_v1_ACCEPTED_DUPLICATES2)) {
1218	log_state(RC_RETRANSMISSION, st,
1219	"retransmitting in response to duplicate packet; already %s",
1220	st->st_state->name);
1221	resend_recorded_v1_ike_msg(st, "retransmit in response to duplicate");
1222	} else {
1223	log_state(RC_LOG_SERIOUS, st,
1224	"discarding duplicate packet -- exhausted retransmission; already %s",
1225	st->st_state->name);
1226	}
1227	} else {
1228	dbg("#%lu discarding duplicate packet; already %s; replied=%s retransmit_on_duplicate=%s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("#%lu discarding duplicate packet; already %s; replied=%s retransmit_on_duplicate=%s" , st->st_serialno, st->st_state->name, bool_str(replied ), bool_str(retransmit_on_duplicate)); } }
1229	st->st_serialno, st->st_state->name,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("#%lu discarding duplicate packet; already %s; replied=%s retransmit_on_duplicate=%s" , st->st_serialno, st->st_state->name, bool_str(replied ), bool_str(retransmit_on_duplicate)); } }
1230	bool_str(replied), bool_str(retransmit_on_duplicate)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("#%lu discarding duplicate packet; already %s; replied=%s retransmit_on_duplicate=%s" , st->st_serialno, st->st_state->name, bool_str(replied ), bool_str(retransmit_on_duplicate)); } };
1231	}
1232	return true1;
1233	}
1234	return false0;
1235	}
1236
1237	/* process an input packet, possibly generating a reply.
1238	*
1239	* If all goes well, this routine eventually calls a state-specific
1240	* transition function.
1241	*
1242	* This routine will not release_any_md(mdp). It is expected that its
1243	* caller will do this. In fact, it will zap *mdp to NULL if it thinks
1244	* **mdp should not be freed. So the caller should be prepared for
1245	* *mdp being set to NULL.
1246	*/
1247	void process_v1_packet(struct msg_digest *md)
1248	{
1249	bool_Bool new_iv_set = false0;
1250	struct state st = NULL((void)0);
1251	enum state_kind from_state = STATE_UNDEFINED; /* state we started in */
1252
1253	#define SEND_NOTIFICATION(t){ { const unsigned __pstat = (t); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e ) / sizeof((pstats_ikev1_sent_notifies_e)))) { pstats_ikev1_sent_notifies_e [__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d", "ikev1_sent_notifies_e" , __pstat); } }; if (st != ((void)0)) send_notification_from_state (st, from_state, t); else send_notification_from_md(md, t); } \
1254	{ \
1255	pstats(ikev1_sent_notifies_e, t){ const unsigned __pstat = (t); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e ) / sizeof(*(pstats_ikev1_sent_notifies_e)))) { pstats_ikev1_sent_notifies_e [__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d", "ikev1_sent_notifies_e" , __pstat); } }; \
1256	if (st != NULL((void*)0)) \
1257	send_notification_from_state(st, from_state, t); \
1258	else \
1259	send_notification_from_md(md, t); \
1260	}
1261
1262	#define LOG_PACKET(RC, ...){ if (st != ((void*)0)) { log_state(RC, st, ...); } else { llog (RC, md->md_logger, ...); } } \
1263	{ \
1264	if (st != NULL((void*)0)) { \
1265	log_state(RC, st, __VA_ARGS__); \
1266	} else { \
1267	llog(RC, md->md_logger, __VA_ARGS__); \
1268	} \
1269	}
1270	#define LOG_PACKET_JAMBUF(RC_FLAGS, BUF)for (char lswbuf[((size_t)1024)], lswbuf_ = lswbuf; lswbuf_ != ((void)0); lswbuf_ = ((void)0)) for (struct jambuf jambuf = array_as_jambuf((lswbuf), sizeof(lswbuf)), BUF = &jambuf ; BUF != ((void)0); BUF = ((void)0)) for (({ if (((RC_FLAGS ) & NO_PREFIX) == ((lset_t)0) && (((RC_FLAGS) & STREAM_MASK) != DEBUG_STREAM \|\| (cur_debugging & (((lset_t )1 << (DBG_ADD_PREFIX_IX)))))) { ((st != ((void)0) ? st ->st_logger : md->md_logger))->object_vec->jam_object_prefix (BUF, ((st != ((void)0) ? st->st_logger : md->md_logger ))->object); } }); BUF != ((void)0); jambuf_to_logger(BUF , ((st != ((void)0) ? st->st_logger : md->md_logger)), RC_FLAGS), BUF = ((void*)0)) \
1271	LLOG_JAMBUF(RC_FLAGS, (st != NULL ? st->st_logger : md->md_logger), BUF)for (char lswbuf[((size_t)1024)], lswbuf_ = lswbuf; lswbuf_ != ((void)0); lswbuf_ = ((void)0)) for (struct jambuf jambuf = array_as_jambuf((lswbuf), sizeof(lswbuf)), BUF = &jambuf ; BUF != ((void)0); BUF = ((void)0)) for (({ if (((RC_FLAGS ) & NO_PREFIX) == ((lset_t)0) && (((RC_FLAGS) & STREAM_MASK) != DEBUG_STREAM \|\| (cur_debugging & (((lset_t )1 << (DBG_ADD_PREFIX_IX)))))) { ((st != ((void)0) ? st ->st_logger : md->md_logger))->object_vec->jam_object_prefix (BUF, ((st != ((void)0) ? st->st_logger : md->md_logger ))->object); } }); BUF != ((void)0); jambuf_to_logger(BUF , ((st != ((void)0) ? st->st_logger : md->md_logger)), RC_FLAGS), BUF = ((void*)0))
1272
1273	switch (md->hdr.isa_xchg) {
1274	case ISAKMP_XCHG_AGGR:
1275	case ISAKMP_XCHG_IDPROT: /* part of a Main Mode exchange */
1276	if (md->hdr.isa_msgid != v1_MAINMODE_MSGID((msgid_t) 0)) {
1277	LOG_PACKET(RC_LOG, "Message ID was 0x%08" PRIx32 " but should be zero in phase 1",{ if (st != ((void*)0)) { log_state(RC_LOG, st, "Message ID was 0x%08" "x" " but should be zero in phase 1", md->hdr.isa_msgid); } else { llog(RC_LOG, md->md_logger, "Message ID was 0x%08" "x" " but should be zero in phase 1", md->hdr.isa_msgid); } }
1278	md->hdr.isa_msgid){ if (st != ((void*)0)) { log_state(RC_LOG, st, "Message ID was 0x%08" "x" " but should be zero in phase 1", md->hdr.isa_msgid); } else { llog(RC_LOG, md->md_logger, "Message ID was 0x%08" "x" " but should be zero in phase 1", md->hdr.isa_msgid); } };
1279	SEND_NOTIFICATION(INVALID_MESSAGE_ID){ { const unsigned __pstat = (INVALID_MESSAGE_ID); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, INVALID_MESSAGE_ID ); else send_notification_from_md(md, INVALID_MESSAGE_ID); };
1280	return;
1281	}
1282
1283	if (ike_spi_is_zero(&md->hdr.isa_ike_initiator_spiisa_ike_spis.initiator)) {
1284	LOG_PACKET(RC_LOG, "Initiator Cookie must not be zero in phase 1 message"){ if (st != ((void*)0)) { log_state(RC_LOG, st, "Initiator Cookie must not be zero in phase 1 message" ); } else { llog(RC_LOG, md->md_logger, "Initiator Cookie must not be zero in phase 1 message" ); } };
1285	SEND_NOTIFICATION(INVALID_COOKIE){ { const unsigned __pstat = (INVALID_COOKIE); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, INVALID_COOKIE ); else send_notification_from_md(md, INVALID_COOKIE); };
1286	return;
1287	}
1288
1289	if (ike_spi_is_zero(&md->hdr.isa_ike_responder_spiisa_ike_spis.responder)) {
1290	/*
1291	* initial message from initiator
1292	*/
1293	if (md->hdr.isa_flags & ISAKMP_FLAGS_v1_ENCRYPTION(1<<ISAKMP_FLAGS_v1_ENCRYPTION_IX)) {
1294	LOG_PACKET(RC_LOG, "initial phase 1 message is invalid: its Encrypted Flag is on"){ if (st != ((void*)0)) { log_state(RC_LOG, st, "initial phase 1 message is invalid: its Encrypted Flag is on" ); } else { llog(RC_LOG, md->md_logger, "initial phase 1 message is invalid: its Encrypted Flag is on" ); } };
1295	SEND_NOTIFICATION(INVALID_FLAGS){ { const unsigned __pstat = (INVALID_FLAGS); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, INVALID_FLAGS ); else send_notification_from_md(md, INVALID_FLAGS); };
1296	return;
1297	}
1298
1299	/*
1300	* If there is already an existing state with
1301	* this ICOOKIE, assume it is some sort of
1302	* re-transmit.
1303	*/
1304	st = find_state_ikev1_init(&md->hdr.isa_ike_initiator_spiisa_ike_spis.initiator,
1305	md->hdr.isa_msgid);
1306	if (st != NULL((void*)0)) {
1307	if (!ikev1_duplicate(st, md)) {
1308	/*
1309	* Not a duplicate for the
1310	* current state; assume that
1311	* this a really old
1312	* re-transmit for an earlier
1313	* state that should be
1314	* discarded.
1315	*/
1316	log_state(RC_LOG, st, "discarding initial packet; already %s",
1317	st->st_state->name);
1318	}
1319	return;
1320	}
1321	passert(st == NULL)({ _Bool assertion__ = st == ((void)0); if (!assertion__) { where_t here = ({ static const struct where here = { .func = __func__ , .file = "programs/pluto/ikev1.c", .line = 1321, }; &here ; }); const struct logger logger_ = &failsafe_logger; llog_passert (logger_, here, "%s", "st == ((void)0)"); } (void) 1; }); / new state needed */
1322	/* don't build a state until the message looks tasty */
1323	from_state = (md->hdr.isa_xchg == ISAKMP_XCHG_IDPROT ?
1324	STATE_MAIN_R0 : STATE_AGGR_R0);
1325	} else {
1326	/* not an initial message */
1327
1328	st = find_state_ikev1(&md->hdr.isa_ike_spis,
1329	md->hdr.isa_msgid);
1330
1331	if (st == NULL((void*)0)) {
1332	/*
1333	* perhaps this is a first message
1334	* from the responder and contains a
1335	* responder cookie that we've not yet
1336	* seen.
1337	*/
1338	st = find_state_ikev1_init(&md->hdr.isa_ike_initiator_spiisa_ike_spis.initiator,
1339	md->hdr.isa_msgid);
1340
1341	if (st == NULL((void*)0)) {
1342	llog(RC_LOG, md->md_logger,
1343	"phase 1 message is part of an unknown exchange");
1344	/* XXX Could send notification back */
1345	return;
1346	}
1347	}
1348	from_state = st->st_state->kind;
1349	}
1350	break;
1351
1352	case ISAKMP_XCHG_INFO: /* an informational exchange */
1353	st = find_v1_info_state(&md->hdr.isa_ike_spis,
1354	v1_MAINMODE_MSGID((msgid_t) 0));
1355
1356	if (st == NULL((void*)0)) {
1357	/*
1358	* might be an informational response to our
1359	* first message, in which case, we don't know
1360	* the rcookie yet.
1361	*/
1362	st = find_state_ikev1_init(&md->hdr.isa_ike_initiator_spiisa_ike_spis.initiator,
1363	v1_MAINMODE_MSGID((msgid_t) 0));
1364	}
1365
1366	if (md->hdr.isa_flags & ISAKMP_FLAGS_v1_ENCRYPTION(1<<ISAKMP_FLAGS_v1_ENCRYPTION_IX)) {
1367	bool_Bool quiet = (st == NULL((void*)0));
1368
1369	if (st == NULL((void*)0)) {
1370	if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
1371	DBG_log("Informational Exchange is for an unknown (expired?) SA with MSGID:0x%08" PRIx32"x",
1372	md->hdr.isa_msgid);
1373	DBG_dump_thing("- unknown SA's md->hdr.isa_ike_initiator_spi.bytes:",DBG_dump("- unknown SA's md->hdr.isa_ike_initiator_spi.bytes:" , &(md->hdr.isa_ike_spis.initiator), sizeof(md->hdr .isa_ike_spis.initiator))
1374	md->hdr.isa_ike_initiator_spi)DBG_dump("- unknown SA's md->hdr.isa_ike_initiator_spi.bytes:" , &(md->hdr.isa_ike_spis.initiator), sizeof(md->hdr .isa_ike_spis.initiator));
1375	DBG_dump_thing("- unknown SA's md->hdr.isa_ike_responder_spi.bytes:",DBG_dump("- unknown SA's md->hdr.isa_ike_responder_spi.bytes:" , &(md->hdr.isa_ike_spis.responder), sizeof(md->hdr .isa_ike_spis.responder))
1376	md->hdr.isa_ike_responder_spi)DBG_dump("- unknown SA's md->hdr.isa_ike_responder_spi.bytes:" , &(md->hdr.isa_ike_spis.responder), sizeof(md->hdr .isa_ike_spis.responder));
1377	}
1378
1379	/* XXX Could send notification back */
1380	return;
1381	}
1382
1383	if (!IS_V1_ISAKMP_ENCRYPTED(st->st_state->kind)((((lset_t)1 << (st->st_state->kind)) & ((((lset_t )1 << (STATE_MAIN_I4)) - ((lset_t)1 << (STATE_MAIN_R2 )) + ((lset_t)1 << (STATE_MAIN_I4))) \| (((lset_t)1 << (STATE_AGGR_R2)) - ((lset_t)1 << (STATE_AGGR_R1)) + (( lset_t)1 << (STATE_AGGR_R2))) \| (((lset_t)1 << (STATE_QUICK_R2 )) - ((lset_t)1 << (STATE_QUICK_R0)) + ((lset_t)1 << (STATE_QUICK_R2))) \| ((lset_t)1 << (STATE_INFO_PROTECTED )) \| (((lset_t)1 << (STATE_XAUTH_I1)) - ((lset_t)1 << (STATE_XAUTH_R0)) + ((lset_t)1 << (STATE_XAUTH_I1))))) != ((lset_t)0))) {
1384	if (!quiet) {
1385	log_state(RC_LOG_SERIOUS, st,
1386	"encrypted Informational Exchange message is invalid because no key is known");
1387	}
1388	/* XXX Could send notification back */
1389	return;
1390	}
1391
1392	if (md->hdr.isa_msgid == v1_MAINMODE_MSGID((msgid_t) 0)) {
1393	if (!quiet) {
1394	log_state(RC_LOG_SERIOUS, st,
1395	"Informational Exchange message is invalid because it has a Message ID of 0");
1396	}
1397	/* XXX Could send notification back */
1398	return;
1399	}
1400
1401	if (!unique_msgid(st, md->hdr.isa_msgid)) {
1402	if (!quiet) {
1403	log_state(RC_LOG_SERIOUS, st,
1404	"Informational Exchange message is invalid because it has a previously used Message ID (0x%08" PRIx32"x" " )",
1405	md->hdr.isa_msgid);
1406	}
1407	/* XXX Could send notification back */
1408	return;
1409	}
1410	st->st_v1_msgid.reserved = false0;
1411
1412	init_phase2_iv(st, &md->hdr.isa_msgid);
1413	new_iv_set = true1;
1414
1415	from_state = STATE_INFO_PROTECTED;
1416	} else {
1417	if (st != NULL((void*)0) &&
1418	IS_V1_ISAKMP_AUTHENTICATED(st->st_state)(STATE_MAIN_R3 <= ((st->st_state)->kind) && STATE_AGGR_R0 != ((st->st_state)->kind) && STATE_AGGR_I1 != ( (st->st_state)->kind))) {
1419	log_state(RC_LOG_SERIOUS, st,
1420	"Informational Exchange message must be encrypted");
1421	/* XXX Could send notification back */
1422	return;
1423	}
1424	from_state = STATE_INFO;
1425	}
1426	break;
1427
1428	case ISAKMP_XCHG_QUICK: /* part of a Quick Mode exchange */
1429
1430	if (ike_spi_is_zero(&md->hdr.isa_ike_initiator_spiisa_ike_spis.initiator)) {
1431	dbg("Quick Mode message is invalid because it has an Initiator Cookie of 0"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Quick Mode message is invalid because it has an Initiator Cookie of 0" ); } };
1432	SEND_NOTIFICATION(INVALID_COOKIE){ { const unsigned __pstat = (INVALID_COOKIE); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, INVALID_COOKIE ); else send_notification_from_md(md, INVALID_COOKIE); };
1433	return;
1434	}
1435
1436	if (ike_spi_is_zero(&md->hdr.isa_ike_responder_spiisa_ike_spis.responder)) {
1437	dbg("Quick Mode message is invalid because it has a Responder Cookie of 0"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Quick Mode message is invalid because it has a Responder Cookie of 0" ); } };
1438	SEND_NOTIFICATION(INVALID_COOKIE){ { const unsigned __pstat = (INVALID_COOKIE); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, INVALID_COOKIE ); else send_notification_from_md(md, INVALID_COOKIE); };
1439	return;
1440	}
1441
1442	if (md->hdr.isa_msgid == v1_MAINMODE_MSGID((msgid_t) 0)) {
1443	dbg("Quick Mode message is invalid because it has a Message ID of 0"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Quick Mode message is invalid because it has a Message ID of 0" ); } };
1444	SEND_NOTIFICATION(INVALID_MESSAGE_ID){ { const unsigned __pstat = (INVALID_MESSAGE_ID); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, INVALID_MESSAGE_ID ); else send_notification_from_md(md, INVALID_MESSAGE_ID); };
1445	return;
1446	}
1447
1448	st = find_state_ikev1(&md->hdr.isa_ike_spis,
1449	md->hdr.isa_msgid);
1450
1451	if (st == NULL((void*)0)) {
1452	/* No appropriate Quick Mode state.
1453	* See if we have a Main Mode state.
1454	* ??? what if this is a duplicate of another message?
1455	*/
1456	st = find_state_ikev1(&md->hdr.isa_ike_spis,
1457	v1_MAINMODE_MSGID((msgid_t) 0));
1458
1459	if (st == NULL((void*)0)) {
1460	dbg("Quick Mode message is for a non-existent (expired?) ISAKMP SA"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Quick Mode message is for a non-existent (expired?) ISAKMP SA" ); } };
1461	/* XXX Could send notification back */
1462	return;
1463	}
1464
1465	if (st->st_oakley.doing_xauth) {
1466	dbg("Cannot do Quick Mode until XAUTH done."){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Cannot do Quick Mode until XAUTH done."); } };
1467	return;
1468	}
1469
1470	/* Have we just given an IP address to peer? */
1471	if (st->st_state->kind == STATE_MODE_CFG_R2) {
1472	/* ISAKMP is up... */
1473	change_state(st, STATE_MAIN_R3);
1474	}
1475
1476	#ifdef SOFTREMOTE_CLIENT_WORKAROUND
1477	/* See: http://popoludnica.pl/?id=10100110 */
1478	if (st->st_state->kind == STATE_MODE_CFG_R1) {
1479	log_state(RC_LOG, st,
1480	"SoftRemote workaround: Cannot do Quick Mode until MODECFG done.");
1481	return;
1482	}
1483	#endif
1484
1485
1486	if (!IS_V1_ISAKMP_SA_ESTABLISHED(st)((((lset_t)1 << ((st)->st_state->kind)) & ((( lset_t)1 << (STATE_MAIN_R3)) \| ((lset_t)1 << (STATE_MAIN_I4 )) \| ((lset_t)1 << (STATE_AGGR_I2)) \| ((lset_t)1 << (STATE_AGGR_R2)) \| ((lset_t)1 << (STATE_XAUTH_R0)) \| ( (lset_t)1 << (STATE_XAUTH_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R0 )) \| ((lset_t)1 << (STATE_MODE_CFG_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R2)) \| ((lset_t)1 << (STATE_MODE_CFG_I1 )) \| ((lset_t)1 << (STATE_XAUTH_I0)) \| ((lset_t)1 << (STATE_XAUTH_I1)))) != ((lset_t)0))) {
1487	log_state(RC_LOG_SERIOUS, st,
1488	"Quick Mode message is unacceptable because it is for an incomplete ISAKMP SA");
1489	SEND_NOTIFICATION(PAYLOAD_MALFORMED /* XXX ? /){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void*)0 )) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED ); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
1490	return;
1491	}
1492
1493	if (!unique_msgid(st, md->hdr.isa_msgid)) {
1494	log_state(RC_LOG_SERIOUS, st,
1495	"Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x%08" PRIx32"x" " (perhaps this is a duplicated packet)",
1496	md->hdr.isa_msgid);
1497	SEND_NOTIFICATION(INVALID_MESSAGE_ID){ { const unsigned __pstat = (INVALID_MESSAGE_ID); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, INVALID_MESSAGE_ID ); else send_notification_from_md(md, INVALID_MESSAGE_ID); };
1498	return;
1499	}
1500	st->st_v1_msgid.reserved = false0;
1501
1502	/* Quick Mode Initial IV */
1503	init_phase2_iv(st, &md->hdr.isa_msgid);
1504	new_iv_set = true1;
1505
1506	from_state = STATE_QUICK_R0;
1507	} else {
1508	if (st->st_oakley.doing_xauth) {
1509	log_state(RC_LOG, st, "Cannot do Quick Mode until XAUTH done.");
1510	return;
1511	}
1512	from_state = st->st_state->kind;
1513	}
1514
1515	break;
1516
1517	case ISAKMP_XCHG_MODE_CFG:
1518	if (ike_spi_is_zero(&md->hdr.isa_ike_initiator_spiisa_ike_spis.initiator)) {
1519	dbg("Mode Config message is invalid because it has an Initiator Cookie of 0"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Mode Config message is invalid because it has an Initiator Cookie of 0" ); } };
1520	/* XXX Could send notification back */
1521	return;
1522	}
1523
1524	if (ike_spi_is_zero(&md->hdr.isa_ike_responder_spiisa_ike_spis.responder)) {
1525	dbg("Mode Config message is invalid because it has a Responder Cookie of 0"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Mode Config message is invalid because it has a Responder Cookie of 0" ); } };
1526	/* XXX Could send notification back */
1527	return;
1528	}
1529
1530	if (md->hdr.isa_msgid == 0) {
1531	dbg("Mode Config message is invalid because it has a Message ID of 0"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Mode Config message is invalid because it has a Message ID of 0" ); } };
1532	/* XXX Could send notification back */
1533	return;
1534	}
1535
1536	st = find_v1_info_state(&md->hdr.isa_ike_spis, md->hdr.isa_msgid);
1537
1538	if (st == NULL((void*)0)) {
1539	/* No appropriate Mode Config state.
1540	* See if we have a Main Mode state.
1541	* ??? what if this is a duplicate of another message?
1542	*/
1543	dbg("No appropriate Mode Config state yet. See if we have a Main Mode state"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("No appropriate Mode Config state yet. See if we have a Main Mode state" ); } };
1544
1545	st = find_v1_info_state(&md->hdr.isa_ike_spis, 0);
1546
1547	if (st == NULL((void*)0)) {
1548	dbg("Mode Config message is for a non-existent (expired?) ISAKMP SA"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Mode Config message is for a non-existent (expired?) ISAKMP SA" ); } };
1549	/* XXX Could send notification back */
1550	/* ??? ought to log something (not just DBG)? */
1551	return;
1552	}
1553
1554
1555	const struct end *this = &st->st_connection->spd.this;
1556	esb_buf b;
1557	dbg(" processing received isakmp_xchg_type %s; this is a%s%s%s%s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" processing received isakmp_xchg_type %s; this is a%s%s%s%s" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, & b), this->xauth_server ? " xauthserver" : "", this->xauth_client ? " xauthclient" : "", this->modecfg_server ? " modecfgserver" : "", this->modecfg_client ? " modecfgclient" : ""); } }
1558	enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, &b),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" processing received isakmp_xchg_type %s; this is a%s%s%s%s" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, & b), this->xauth_server ? " xauthserver" : "", this->xauth_client ? " xauthclient" : "", this->modecfg_server ? " modecfgserver" : "", this->modecfg_client ? " modecfgclient" : ""); } }
1559	this->xauth_server ? " xauthserver" : "",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" processing received isakmp_xchg_type %s; this is a%s%s%s%s" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, & b), this->xauth_server ? " xauthserver" : "", this->xauth_client ? " xauthclient" : "", this->modecfg_server ? " modecfgserver" : "", this->modecfg_client ? " modecfgclient" : ""); } }
1560	this->xauth_client ? " xauthclient" : "",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" processing received isakmp_xchg_type %s; this is a%s%s%s%s" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, & b), this->xauth_server ? " xauthserver" : "", this->xauth_client ? " xauthclient" : "", this->modecfg_server ? " modecfgserver" : "", this->modecfg_client ? " modecfgclient" : ""); } }
1561	this->modecfg_server ? " modecfgserver" : "",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" processing received isakmp_xchg_type %s; this is a%s%s%s%s" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, & b), this->xauth_server ? " xauthserver" : "", this->xauth_client ? " xauthclient" : "", this->modecfg_server ? " modecfgserver" : "", this->modecfg_client ? " modecfgclient" : ""); } }
1562	this->modecfg_client ? " modecfgclient" : ""){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" processing received isakmp_xchg_type %s; this is a%s%s%s%s" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, & b), this->xauth_server ? " xauthserver" : "", this->xauth_client ? " xauthclient" : "", this->modecfg_server ? " modecfgserver" : "", this->modecfg_client ? " modecfgclient" : ""); } };
1563
1564	if (!IS_V1_ISAKMP_SA_ESTABLISHED(st)((((lset_t)1 << ((st)->st_state->kind)) & ((( lset_t)1 << (STATE_MAIN_R3)) \| ((lset_t)1 << (STATE_MAIN_I4 )) \| ((lset_t)1 << (STATE_AGGR_I2)) \| ((lset_t)1 << (STATE_AGGR_R2)) \| ((lset_t)1 << (STATE_XAUTH_R0)) \| ( (lset_t)1 << (STATE_XAUTH_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R0 )) \| ((lset_t)1 << (STATE_MODE_CFG_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R2)) \| ((lset_t)1 << (STATE_MODE_CFG_I1 )) \| ((lset_t)1 << (STATE_XAUTH_I0)) \| ((lset_t)1 << (STATE_XAUTH_I1)))) != ((lset_t)0))) {
1565	dbg("Mode Config message is unacceptable because it is for an incomplete ISAKMP SA (state=%s)",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Mode Config message is unacceptable because it is for an incomplete ISAKMP SA (state=%s)" , st->st_state->name); } }
1566	st->st_state->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Mode Config message is unacceptable because it is for an incomplete ISAKMP SA (state=%s)" , st->st_state->name); } };
1567	/* XXX Could send notification back */
1568	return;
1569	}
1570	dbg(" call init_phase2_iv"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" call init_phase2_iv"); } };
1571	init_phase2_iv(st, &md->hdr.isa_msgid);
1572	new_iv_set = true1;
1573
1574	/*
1575	* okay, now we have to figure out if we are receiving a bogus
1576	* new message in an outstanding XAUTH server conversation
1577	* (i.e. a reply to our challenge)
1578	* (this occurs with some broken other implementations).
1579	*
1580	* or if receiving for the first time, an XAUTH challenge.
1581	*
1582	* or if we are getting a MODECFG request.
1583	*
1584	* we distinguish these states because we cannot both be an
1585	* XAUTH server and client, and our policy tells us which
1586	* one we are.
1587	*
1588	* to complicate further, it is normal to start a new msgid
1589	* when going from one state to another, or when restarting
1590	* the challenge.
1591	*
1592	*/
1593
1594	if (this->xauth_server &&
1595	st->st_state->kind == STATE_XAUTH_R1 &&
1596	st->quirks.xauth_ack_msgid) {
1597	from_state = STATE_XAUTH_R1;
1598	dbg(" set from_state to %s state is STATE_XAUTH_R1 and quirks.xauth_ack_msgid is TRUE",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" set from_state to %s state is STATE_XAUTH_R1 and quirks.xauth_ack_msgid is TRUE" , st->st_state->name); } }
1599	st->st_state->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" set from_state to %s state is STATE_XAUTH_R1 and quirks.xauth_ack_msgid is TRUE" , st->st_state->name); } };
1600	} else if (this->xauth_client &&
1601	IS_V1_PHASE1(st->st_state->kind)(STATE_MAIN_R0 <= (st->st_state->kind) && (st ->st_state->kind) <= STATE_AGGR_R2)) {
1602	from_state = STATE_XAUTH_I0;
1603	dbg(" set from_state to %s this is xauthclient and IS_PHASE1() is TRUE",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" set from_state to %s this is xauthclient and IS_PHASE1() is TRUE" , st->st_state->name); } }
1604	st->st_state->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" set from_state to %s this is xauthclient and IS_PHASE1() is TRUE" , st->st_state->name); } };
1605	} else if (this->xauth_client &&
1606	st->st_state->kind == STATE_XAUTH_I1) {
1607	/*
1608	* in this case, we got a new MODECFG message after I0, maybe
1609	* because it wants to start over again.
1610	*/
1611	from_state = STATE_XAUTH_I0;
1612	dbg(" set from_state to %s this is xauthclient and state == STATE_XAUTH_I1",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" set from_state to %s this is xauthclient and state == STATE_XAUTH_I1" , st->st_state->name); } }
1613	st->st_state->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" set from_state to %s this is xauthclient and state == STATE_XAUTH_I1" , st->st_state->name); } };
1614	} else if (this->modecfg_server &&
1615	IS_V1_PHASE1(st->st_state->kind)(STATE_MAIN_R0 <= (st->st_state->kind) && (st ->st_state->kind) <= STATE_AGGR_R2)) {
1616	from_state = STATE_MODE_CFG_R0;
1617	dbg(" set from_state to %s this is modecfgserver and IS_PHASE1() is TRUE",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" set from_state to %s this is modecfgserver and IS_PHASE1() is TRUE" , st->st_state->name); } }
1618	st->st_state->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" set from_state to %s this is modecfgserver and IS_PHASE1() is TRUE" , st->st_state->name); } };
1619	} else if (this->modecfg_client &&
1620	IS_V1_PHASE1(st->st_state->kind)(STATE_MAIN_R0 <= (st->st_state->kind) && (st ->st_state->kind) <= STATE_AGGR_R2)) {
1621	from_state = STATE_MODE_CFG_R1;
1622	dbg(" set from_state to %s this is modecfgclient and IS_PHASE1() is TRUE",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" set from_state to %s this is modecfgclient and IS_PHASE1() is TRUE" , st->st_state->name); } }
1623	st->st_state->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" set from_state to %s this is modecfgclient and IS_PHASE1() is TRUE" , st->st_state->name); } };
1624	} else {
1625	esb_buf b;
1626	dbg("received isakmp_xchg_type %s; this is a%s%s%s%s in state %s. Reply with UNSUPPORTED_EXCHANGE_TYPE",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received isakmp_xchg_type %s; this is a%s%s%s%s in state %s. Reply with UNSUPPORTED_EXCHANGE_TYPE" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, & b), st->st_connection ->spd.this.xauth_server ? " xauthserver" : "", st->st_connection->spd.this.xauth_client ? " xauthclient" : "", st->st_connection->spd.this.modecfg_server ? " modecfgserver" : "", st->st_connection->spd.this.modecfg_client ? " modecfgclient" : "", st->st_state->name); } }
1627	enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, &b),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received isakmp_xchg_type %s; this is a%s%s%s%s in state %s. Reply with UNSUPPORTED_EXCHANGE_TYPE" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, & b), st->st_connection ->spd.this.xauth_server ? " xauthserver" : "", st->st_connection->spd.this.xauth_client ? " xauthclient" : "", st->st_connection->spd.this.modecfg_server ? " modecfgserver" : "", st->st_connection->spd.this.modecfg_client ? " modecfgclient" : "", st->st_state->name); } }
1628	st->st_connection ->spd.this.xauth_server ? " xauthserver" : "",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received isakmp_xchg_type %s; this is a%s%s%s%s in state %s. Reply with UNSUPPORTED_EXCHANGE_TYPE" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, & b), st->st_connection ->spd.this.xauth_server ? " xauthserver" : "", st->st_connection->spd.this.xauth_client ? " xauthclient" : "", st->st_connection->spd.this.modecfg_server ? " modecfgserver" : "", st->st_connection->spd.this.modecfg_client ? " modecfgclient" : "", st->st_state->name); } }
1629	st->st_connection->spd.this.xauth_client ? " xauthclient" : "",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received isakmp_xchg_type %s; this is a%s%s%s%s in state %s. Reply with UNSUPPORTED_EXCHANGE_TYPE" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, & b), st->st_connection ->spd.this.xauth_server ? " xauthserver" : "", st->st_connection->spd.this.xauth_client ? " xauthclient" : "", st->st_connection->spd.this.modecfg_server ? " modecfgserver" : "", st->st_connection->spd.this.modecfg_client ? " modecfgclient" : "", st->st_state->name); } }
1630	st->st_connection->spd.this.modecfg_server ? " modecfgserver" : "",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received isakmp_xchg_type %s; this is a%s%s%s%s in state %s. Reply with UNSUPPORTED_EXCHANGE_TYPE" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, & b), st->st_connection ->spd.this.xauth_server ? " xauthserver" : "", st->st_connection->spd.this.xauth_client ? " xauthclient" : "", st->st_connection->spd.this.modecfg_server ? " modecfgserver" : "", st->st_connection->spd.this.modecfg_client ? " modecfgclient" : "", st->st_state->name); } }
1631	st->st_connection->spd.this.modecfg_client ? " modecfgclient" : "",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received isakmp_xchg_type %s; this is a%s%s%s%s in state %s. Reply with UNSUPPORTED_EXCHANGE_TYPE" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, & b), st->st_connection ->spd.this.xauth_server ? " xauthserver" : "", st->st_connection->spd.this.xauth_client ? " xauthclient" : "", st->st_connection->spd.this.modecfg_server ? " modecfgserver" : "", st->st_connection->spd.this.modecfg_client ? " modecfgclient" : "", st->st_state->name); } }
1632	st->st_state->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received isakmp_xchg_type %s; this is a%s%s%s%s in state %s. Reply with UNSUPPORTED_EXCHANGE_TYPE" , enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, & b), st->st_connection ->spd.this.xauth_server ? " xauthserver" : "", st->st_connection->spd.this.xauth_client ? " xauthclient" : "", st->st_connection->spd.this.modecfg_server ? " modecfgserver" : "", st->st_connection->spd.this.modecfg_client ? " modecfgclient" : "", st->st_state->name); } };
1633	return;
1634	}
1635	} else {
1636	if (st->st_connection->spd.this.xauth_server &&
1637	IS_V1_PHASE1(st->st_state->kind)(STATE_MAIN_R0 <= (st->st_state->kind) && (st ->st_state->kind) <= STATE_AGGR_R2)) {
1638	/* Switch from Phase1 to Mode Config */
1639	dbg("We were in phase 1, with no state, so we went to XAUTH_R0"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("We were in phase 1, with no state, so we went to XAUTH_R0" ); } };
1640	change_state(st, STATE_XAUTH_R0);
1641	}
1642
1643	/* otherwise, this is fine, we continue in the state we are in */
1644	from_state = st->st_state->kind;
1645	}
1646
1647	break;
1648
1649	case ISAKMP_XCHG_NONE:
1650	case ISAKMP_XCHG_BASE:
1651	case ISAKMP_XCHG_AO:
1652	case ISAKMP_XCHG_NGRP:
1653	default:
1654	{
1655	esb_buf b;
1656	dbg("unsupported exchange type %s in message",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("unsupported exchange type %s in message", enum_show (&ikev1_exchange_names, md->hdr.isa_xchg, &b)); } }
1657	enum_show(&ikev1_exchange_names, md->hdr.isa_xchg, &b)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("unsupported exchange type %s in message", enum_show (&ikev1_exchange_names, md->hdr.isa_xchg, &b)); } };
1658	SEND_NOTIFICATION(UNSUPPORTED_EXCHANGE_TYPE){ { const unsigned __pstat = (UNSUPPORTED_EXCHANGE_TYPE); if ( __pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof(* (pstats_ikev1_sent_notifies_e)))) { pstats_ikev1_sent_notifies_e [__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d", "ikev1_sent_notifies_e" , __pstat); } }; if (st != ((void*)0)) send_notification_from_state (st, from_state, UNSUPPORTED_EXCHANGE_TYPE); else send_notification_from_md (md, UNSUPPORTED_EXCHANGE_TYPE); };
1659	return;
1660	}
1661	}
1662
1663	/* We have found a from_state, and perhaps a state object.
1664	* If we need to build a new state object,
1665	* we wait until the packet has been sanity checked.
1666	*/
1667
1668	/* We don't support the Commit Flag. It is such a bad feature.
1669	* It isn't protected -- neither encrypted nor authenticated.
1670	* A man in the middle turns it on, leading to DoS.
1671	* We just ignore it, with a warning.
1672	*/
1673	if (md->hdr.isa_flags & ISAKMP_FLAGS_v1_COMMIT(1<<ISAKMP_FLAGS_v1_COMMIT_IX))
1674	dbg("IKE message has the Commit Flag set but Pluto doesn't implement this feature due to security concerns; ignoring flag"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("IKE message has the Commit Flag set but Pluto doesn't implement this feature due to security concerns; ignoring flag" ); } };
1675
1676	/* Handle IKE fragmentation payloads */
1677	if (md->hdr.isa_np == ISAKMP_NEXT_IKE_FRAGMENTATION) {
1678	struct isakmp_ikefrag fraghdr;
1679	int last_frag_index = 0; /* index of the last fragment */
1680	pb_stream frag_pbs;
1681
1682	if (st == NULL((void*)0)) {
1683	dbg("received IKE fragment, but have no state. Ignoring packet."){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received IKE fragment, but have no state. Ignoring packet." ); } };
1684	return;
1685	}
1686
1687	if ((st->st_connection->policy & POLICY_IKE_FRAG_ALLOW((lset_t)1 << (POLICY_IKE_FRAG_ALLOW_IX))) == 0) {
1688	dbg("discarding IKE fragment packet - fragmentation not allowed by local policy (ike_frag=no)"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("discarding IKE fragment packet - fragmentation not allowed by local policy (ike_frag=no)" ); } };
1689	return;
1690	}
1691
1692	diag_t d = pbs_in_struct(&md->message_pbs, &isakmp_ikefrag_desc,
1693	&fraghdr, sizeof(fraghdr), &frag_pbs);
1694	if (d != NULL((void*)0)) {
1695	llog_diag(RC_LOG, st->st_logger, &d, "%s", "");
1696	SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED ); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
1697	return;
1698	}
1699	if (pbs_room(&frag_pbs)((size_t)((&frag_pbs)->roof - (&frag_pbs)->start )) != fraghdr.isafrag_length \|\|
1700	fraghdr.isafrag_np != ISAKMP_NEXT_NONE \|\|
1701	fraghdr.isafrag_number == 0 \|\|
1702	fraghdr.isafrag_number > 16) {
1703	SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED ); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
1704	return;
1705	}
1706
1707	dbg("received IKE fragment id '%d', number '%u'%s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received IKE fragment id '%d', number '%u'%s" , fraghdr.isafrag_id, fraghdr.isafrag_number, (fraghdr.isafrag_flags == 1) ? "(last)" : ""); } }
1708	fraghdr.isafrag_id,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received IKE fragment id '%d', number '%u'%s" , fraghdr.isafrag_id, fraghdr.isafrag_number, (fraghdr.isafrag_flags == 1) ? "(last)" : ""); } }
1709	fraghdr.isafrag_number,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received IKE fragment id '%d', number '%u'%s" , fraghdr.isafrag_id, fraghdr.isafrag_number, (fraghdr.isafrag_flags == 1) ? "(last)" : ""); } }
1710	(fraghdr.isafrag_flags == 1) ? "(last)" : ""){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received IKE fragment id '%d', number '%u'%s" , fraghdr.isafrag_id, fraghdr.isafrag_number, (fraghdr.isafrag_flags == 1) ? "(last)" : ""); } };
1711
1712	struct v1_ike_rfrag ike_frag = alloc_thing(struct v1_ike_rfrag, "ike_frag")((struct v1_ike_rfrag) alloc_bytes(sizeof(struct v1_ike_rfrag ), ("ike_frag")));
1713	ike_frag->md = md_addref(md, HERE({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 1713, }; &here; }));
1714	ike_frag->index = fraghdr.isafrag_number;
1715	ike_frag->last = (fraghdr.isafrag_flags & 1);
1716	ike_frag->size = pbs_left(&frag_pbs)((size_t)((&frag_pbs)->roof - (&frag_pbs)->cur) );
1717	ike_frag->data = frag_pbs.cur;
1718
1719	/* Add the fragment to the state */
1720	struct v1_ike_rfrag **i = &st->st_v1_rfrags;
1721	for (;;) {
1722	if (ike_frag != NULL((void*)0)) {
1723	/* Still looking for a place to insert ike_frag */
1724	if (i == NULL((void)0) \|\|
1725	(*i)->index > ike_frag->index) {
1726	ike_frag->next = *i;
1727	*i = ike_frag;
1728	ike_frag = NULL((void*)0);
1729	} else if ((*i)->index == ike_frag->index) {
1730	/* Replace fragment with same index */
1731	struct v1_ike_rfrag old = i;
1732
1733	ike_frag->next = old->next;
1734	*i = ike_frag;
1735	pexpect(old->md != NULL)({ _Bool assertion__ = old->md != ((void)0); if (!assertion__ ) { where_t here_ = ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 1735, } ; &here; }); const struct logger logger_ = &failsafe_logger ; llog_pexpect(logger_, here_, "%s", "old->md != ((void*)0)" ); } assertion__; });
1736	release_any_md(&old->md)md_delref(&old->md, ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 1736, }; &here; }));
1737	pfree(old);
1738	ike_frag = NULL((void*)0);
1739	}
1740	}
1741
1742	if (i == NULL((void)0))
1743	break;
1744
1745	if ((*i)->last)
1746	last_frag_index = (*i)->index;
1747
1748	i = &(*i)->next;
1749	}
1750
1751	/* We have the last fragment, reassemble if complete */
1752	if (last_frag_index != 0) {
1753	size_t size = 0;
1754	int prev_index = 0;
1755
1756	for (struct v1_ike_rfrag *frag = st->st_v1_rfrags; frag; frag = frag->next) {
1757	size += frag->size;
1758	if (frag->index != ++prev_index) {
1759	break; /* fragment list incomplete */
1760	} else if (frag->index == last_frag_index) {
1761	struct msg_digest *whole_md = alloc_md(frag->md->iface,
1762	&frag->md->sender,
1763	HERE({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 1763, }; &here; }));
1764	uint8_t *buffer = alloc_bytes(size,
1765	"IKE fragments buffer");
1766	size_t offset = 0;
1767
1768	/* Reassemble fragments in buffer */
1769	frag = st->st_v1_rfrags;
1770	while (frag != NULL((void*)0) &&
1771	frag->index <= last_frag_index)
1772	{
1773	passert(offset + frag->size <=({ _Bool assertion__ = offset + frag->size <= size; if ( !assertion__) { where_t here = ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 1774, }; &here; }); const struct logger *logger_ = & failsafe_logger; llog_passert(logger_, here, "%s", "offset + frag->size <= size" ); } (void) 1; })
1774	size)({ _Bool assertion__ = offset + frag->size <= size; if ( !assertion__) { where_t here = ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 1774, }; &here; }); const struct logger *logger_ = & failsafe_logger; llog_passert(logger_, here, "%s", "offset + frag->size <= size" ); } (void) 1; });
1775	memcpy(buffer + offset,
1776	frag->data, frag->size);
1777	offset += frag->size;
1778	frag = frag->next;
1779	}
1780
1781	init_pbs(&whole_md->packet_pbs, buffer, size,
1782	"packet");
1783
1784	process_packet(&whole_md);
1785	release_any_md(&whole_md)md_delref(&whole_md, ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 1785 , }; &here; }));
1786	free_v1_message_queues(st);
1787	/* optimize: if receiving fragments, immediately respond with fragments too */
1788	st->st_v1_seen_fragments = true1;
1789	dbg(" updated IKE fragment state to respond using fragments without waiting for re-transmits"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log(" updated IKE fragment state to respond using fragments without waiting for re-transmits" ); } };
1790	break;
1791	}
1792	}
1793	}
1794
1795	return;
1796	}
1797
1798	/*
1799	* Set smc to describe this state's properties.
1800	*
1801	* Look up the appropriate microcode based on state and
1802	* possibly Oakley Auth type.
1803	*/
1804	passert(STATE_IKEv1_FLOOR <= from_state && from_state < STATE_IKEv1_ROOF)({ _Bool assertion__ = STATE_IKEv1_FLOOR <= from_state && from_state < STATE_IKEv1_ROOF; if (!assertion__) { where_t here = ({ static const struct where here = { .func = __func__ , .file = "programs/pluto/ikev1.c", .line = 1804, }; &here ; }); const struct logger *logger_ = &failsafe_logger; llog_passert (logger_, here, "%s", "STATE_IKEv1_FLOOR <= from_state && from_state < STATE_IKEv1_ROOF" ); } (void) 1; });
1805	const struct finite_state *fs = finite_states[from_state];
1806	passert(fs != NULL)({ _Bool assertion__ = fs != ((void)0); if (!assertion__) { where_t here = ({ static const struct where here = { .func = __func__ , .file = "programs/pluto/ikev1.c", .line = 1806, }; &here ; }); const struct logger logger_ = &failsafe_logger; llog_passert (logger_, here, "%s", "fs != ((void*)0)"); } (void) 1; });
1807	const struct state_v1_microcode *smc = fs->v1_transitions;
1808	passert(smc != NULL)({ _Bool assertion__ = smc != ((void)0); if (!assertion__) { where_t here = ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 1808, }; &here; }); const struct logger logger_ = &failsafe_logger ; llog_passert(logger_, here, "%s", "smc != ((void*)0)"); } ( void) 1; });
1809
1810	/*
1811	* Find the state's the state transitions that has matching
1812	* authentication.
1813	*
1814	* For states where this makes no sense (eg, quick states
1815	* creating a CHILD_SA), .flags\|=SMF_ALL_AUTH so the first
1816	* (only) one always matches.
1817	*
1818	* XXX: The code assumes that when there is always a match (if
1819	* there isn't the passert() triggers. If needed, bogus
1820	* transitions that log/drop the packet are added to the
1821	* table? Would simply dropping the packets be easier.
1822	*/
1823	if (st != NULL((void*)0)) {
1824	oakley_auth_t baseauth =
1825	xauth_calcbaseauth(st->st_oakley.auth);
1826
1827	while (!LHAS(smc->flags, baseauth)(((smc->flags) & ((lset_t)1 << (baseauth))) != ( (lset_t)0))) {
1828	smc++;
1829	passert(smc->state == from_state)({ _Bool assertion__ = smc->state == from_state; if (!assertion__ ) { where_t here = ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 1829, } ; &here; }); const struct logger *logger_ = &failsafe_logger ; llog_passert(logger_, here, "%s", "smc->state == from_state" ); } (void) 1; });
1830	}
1831	}
1832
1833	/*
1834	* XXX: do this earlier? */
1835	if (verbose_state_busy(st))
1836	return;
1837
1838	/*
1839	* Detect and handle duplicated packets. This won't work for
1840	* the initial packet of an exchange because we won't have a
1841	* state object to remember it. If we are in a non-receiving
1842	* state (terminal), and the preceding state did transmit,
1843	* then the duplicate may indicate that that transmission
1844	* wasn't received -- retransmit it. Otherwise, just discard
1845	* it. ??? Notification packets are like exchanges -- I hope
1846	* that they are idempotent!
1847	*
1848	* XXX: do this earlier?
1849	*/
1850	if (st != NULL((void*)0) && ikev1_duplicate(st, md)) {
1851	return;
1852	}
1853
1854	/* save values for use in resumption of processing below.
1855	* (may be suspended due to crypto operation not yet complete)
1856	*/
1857	md->v1_st = st;
1858	md->smc = smc;
1859	md->new_iv_set = new_iv_set;
1860
1861	/*
1862	* look for encrypt packets. We cannot handle them if we have not
1863	* yet calculated the skeyids. We will just store the packet in
1864	* the suspended state, since the calculation is likely underway.
1865	*
1866	* note that this differs from above, because skeyid is calculated
1867	* in between states. (or will be, once DH is async)
1868	*
1869	*/
1870	if ((md->hdr.isa_flags & ISAKMP_FLAGS_v1_ENCRYPTION(1<<ISAKMP_FLAGS_v1_ENCRYPTION_IX)) &&
1871	st != NULL((void*)0) &&
1872	!st->hidden_variables.st_skeyid_calculated) {
1873	endpoint_buf b;
1874	dbg("received encrypted packet from %s but exponentiation still in progress",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received encrypted packet from %s but exponentiation still in progress" , str_endpoint(&md->sender, &b)); } }
1875	str_endpoint(&md->sender, &b)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received encrypted packet from %s but exponentiation still in progress" , str_endpoint(&md->sender, &b)); } };
1876
1877	/*
1878	* if there was a previous packet, let it go, and go
1879	* with most recent one.
1880	*/
1881	if (st->st_suspended_md != NULL((void*)0)) {
1882	dbg("releasing suspended operation before completion: %p",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("releasing suspended operation before completion: %p" , st->st_suspended_md); } }
1883	st->st_suspended_md){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("releasing suspended operation before completion: %p" , st->st_suspended_md); } };
1884	release_any_md(&st->st_suspended_md)md_delref(&st->st_suspended_md, ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c" , .line = 1884, }; &here; }));
1885	}
1886	suspend_any_md(st, md){ if (md != ((void)0)) { { if ((cur_debugging & (((lset_t )1 << (DBG_BASE_IX))))) { DBG_log("suspending state #%lu and saving MD %p" , (st)->st_serialno, md); } }; ({ _Bool assertion__ = (st) ->st_suspended_md == ((void)0); if (!assertion__) { where_t here = ({ static const struct where here = { .func = __func__ , .file = "programs/pluto/ikev1.c", .line = 1886, }; &here ; }); const struct logger logger_ = &failsafe_logger; llog_passert (logger_, here, "%s", "(st)->st_suspended_md == ((void)0)" ); } (void) 1; }); (st)->st_suspended_md = md_addref(md, ( { static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 1886, }; &here; })); ( st)->st_suspended_md_func = __func__; (st)->st_suspended_md_line = 1886; ({ _Bool assertion__ = state_is_busy(st); if (!assertion__ ) { where_t here = ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 1886, } ; &here; }); const struct logger *logger_ = &failsafe_logger ; llog_passert(logger_, here, "%s", "state_is_busy(st)"); } ( void) 1; }); } else { { if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("no MD to suspend"); } }; } };
1887	return;
1888	}
1889
1890	process_packet_tail(md);
1891	/* our caller will release_any_md(mdp); */
1892	}
1893
1894	/*
1895	* This routine will not release_any_md(mdp). It is expected that its
1896	* caller will do this. In fact, it will zap *mdp to NULL if it thinks
1897	* **mdp should not be freed. So the caller should be prepared for
1898	* *mdp being set to NULL.
1899	*/
1900	void process_packet_tail(struct msg_digest *md)
1901	{
1902	struct state *st = md->v1_st;
1903	const struct state_v1_microcode *smc = md->smc;
1904	enum state_kind from_state = smc->state;
1905	bool_Bool new_iv_set = md->new_iv_set;
1906	bool_Bool self_delete = false0;
1907
1908	if (md->hdr.isa_flags & ISAKMP_FLAGS_v1_ENCRYPTION(1<<ISAKMP_FLAGS_v1_ENCRYPTION_IX)) {
1909
1910	endpoint_buf b;
1911	dbg("received encrypted packet from %s", str_endpoint(&md->sender, &b)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("received encrypted packet from %s", str_endpoint (&md->sender, &b)); } };
1912
1913	if (st == NULL((void*)0)) {
1914	LOG_PACKET(RC_LOG,{ if (st != ((void*)0)) { log_state(RC_LOG, st, "discarding encrypted message for an unknown ISAKMP SA" ); } else { llog(RC_LOG, md->md_logger, "discarding encrypted message for an unknown ISAKMP SA" ); } }
1915	"discarding encrypted message for an unknown ISAKMP SA"){ if (st != ((void*)0)) { log_state(RC_LOG, st, "discarding encrypted message for an unknown ISAKMP SA" ); } else { llog(RC_LOG, md->md_logger, "discarding encrypted message for an unknown ISAKMP SA" ); } };
1916	return;
1917	}
1918	if (st->st_skeyid_e_nssst_skey_ei_nss == NULL((void*)0)) {
1919	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "discarding encrypted message because we haven't yet negotiated keying material" ); } else { llog(RC_LOG_SERIOUS, md->md_logger, "discarding encrypted message because we haven't yet negotiated keying material" ); } }
1920	"discarding encrypted message because we haven't yet negotiated keying material"){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "discarding encrypted message because we haven't yet negotiated keying material" ); } else { llog(RC_LOG_SERIOUS, md->md_logger, "discarding encrypted message because we haven't yet negotiated keying material" ); } };
1921	return;
1922	}
1923
1924	/* Mark as encrypted */
1925	md->encrypted = true1;
1926
1927	/* do the specified decryption
1928	*
1929	* IV is from st->st_iv or (if new_iv_set) st->st_new_iv.
1930	* The new IV is placed in st->st_new_iv
1931	*
1932	* See RFC 2409 "IKE" Appendix B
1933	*
1934	* XXX The IV should only be updated really if the packet
1935	* is successfully processed.
1936	* We should keep this value, check for a success return
1937	* value from the parsing routines and then replace.
1938	*
1939	* Each post phase 1 exchange generates IVs from
1940	* the last phase 1 block, not the last block sent.
1941	*/
1942	const struct encrypt_desc *e = st->st_oakley.ta_encrypt;
1943
1944	if (pbs_left(&md->message_pbs)((size_t)((&md->message_pbs)->roof - (&md->message_pbs )->cur)) % e->enc_blocksize != 0) {
1945	LOG_PACKET(RC_LOG_SERIOUS, "malformed message: not a multiple of encryption blocksize"){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed message: not a multiple of encryption blocksize" ); } else { llog(RC_LOG_SERIOUS, md->md_logger, "malformed message: not a multiple of encryption blocksize" ); } };
1946	return;
1947	}
1948
1949	/* XXX Detect weak keys */
1950
1951	/* grab a copy of raw packet (for duplicate packet detection) */
1952	md->raw_packet = clone_bytes_as_chunk(md->packet_pbs.start,
1953	pbs_room(&md->packet_pbs)((size_t)((&md->packet_pbs)->roof - (&md->packet_pbs )->start)),
1954	"raw packet");
1955
1956	/* Decrypt everything after header */
1957	if (!new_iv_set) {
1958	if (st->st_v1_iv.len == 0) {
1959	init_phase2_iv(st, &md->hdr.isa_msgid);
1960	} else {
1961	/* use old IV */
1962	restore_new_iv(st, st->st_v1_iv){ (st)->st_v1_new_iv = (st->st_v1_iv); };
1963	}
1964	}
1965
1966	passert(st->st_v1_new_iv.len >= e->enc_blocksize)({ _Bool assertion__ = st->st_v1_new_iv.len >= e->enc_blocksize ; if (!assertion__) { where_t here = ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 1966, }; &here; }); const struct logger *logger_ = &failsafe_logger; llog_passert(logger_, here, "%s", "st->st_v1_new_iv.len >= e->enc_blocksize" ); } (void) 1; });
1967	st->st_v1_new_iv.len = e->enc_blocksize; /* truncate */
1968
1969	if (DBGP(DBG_CRYPT)(cur_debugging & (((lset_t)1 << (DBG_CRYPT_IX))))) {
1970	DBG_log("decrypting %u bytes using algorithm %s",
1971	(unsigned) pbs_left(&md->message_pbs)((size_t)((&md->message_pbs)->roof - (&md->message_pbs )->cur)),
1972	st->st_oakley.ta_encrypt->common.fqn);
1973	DBG_dump_hunk("IV before:", st->st_v1_new_iv){ typeof(st->st_v1_new_iv) hunk_ = st->st_v1_new_iv; DBG_dump ("IV before:", hunk_.ptr, hunk_.len); };
1974	}
1975	e->encrypt_ops->do_crypt(e, md->message_pbs.cur,
1976	pbs_left(&md->message_pbs)((size_t)((&md->message_pbs)->roof - (&md->message_pbs )->cur)),
1977	st->st_enc_key_nss,
1978	st->st_v1_new_iv.ptr, false0,
1979	st->st_logger);
1980	if (DBGP(DBG_CRYPT)(cur_debugging & (((lset_t)1 << (DBG_CRYPT_IX))))) {
1981	DBG_dump_hunk("IV after:", st->st_v1_new_iv){ typeof(st->st_v1_new_iv) hunk_ = st->st_v1_new_iv; DBG_dump ("IV after:", hunk_.ptr, hunk_.len); };
1982	DBG_log("decrypted payload (starts at offset %td):",
1983	md->message_pbs.cur - md->message_pbs.roof);
1984	DBG_dump(NULL((void*)0), md->message_pbs.start,
1985	md->message_pbs.roof - md->message_pbs.start);
1986	}
1987	} else {
1988	/* packet was not encryped -- should it have been? */
1989
1990	if (smc->flags & SMF_INPUT_ENCRYPTED((lset_t)1 << (OAKLEY_AUTH_ROOF + 2))) {
1991	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "packet rejected: should have been encrypted" ); } else { llog(RC_LOG_SERIOUS, md->md_logger, "packet rejected: should have been encrypted" ); } }
1992	"packet rejected: should have been encrypted"){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "packet rejected: should have been encrypted" ); } else { llog(RC_LOG_SERIOUS, md->md_logger, "packet rejected: should have been encrypted" ); } };
1993	SEND_NOTIFICATION(INVALID_FLAGS){ { const unsigned __pstat = (INVALID_FLAGS); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, INVALID_FLAGS ); else send_notification_from_md(md, INVALID_FLAGS); };
1994	return;
1995	}
1996	}
1997
1998	/* Digest the message.
1999	* Padding must be removed to make hashing work.
2000	* Padding comes from encryption (so this code must be after decryption).
2001	* Padding rules are described before the definition of
2002	* struct isakmp_hdr in packet.h.
2003	*/
2004	{
2005	enum next_payload_types_ikev1 np = md->hdr.isa_np;
2006	lset_t needed = smc->req_payloads;
2007	const char *excuse =
2008	LIN(SMF_PSK_AUTH \| SMF_FIRST_ENCRYPTED_INPUT,(((((lset_t)1 << (OAKLEY_PRESHARED_KEY)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 1))) & (smc->flags)) == (((lset_t )1 << (OAKLEY_PRESHARED_KEY)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 1))))
2009	smc->flags)(((((lset_t)1 << (OAKLEY_PRESHARED_KEY)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 1))) & (smc->flags)) == (((lset_t )1 << (OAKLEY_PRESHARED_KEY)) \| ((lset_t)1 << (OAKLEY_AUTH_ROOF + 1)))) ?
2010	"probable authentication failure (mismatch of preshared secrets?): "
2011	:
2012	"";
2013
2014	while (np != ISAKMP_NEXT_NONE) {
2015	struct_desc *sd = v1_payload_desc(np);
2016
2017	if (md->digest_roof >= elemsof(md->digest)(sizeof(md->digest) / sizeof(*(md->digest)))) {
2018	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void)0)) { log_state(RC_LOG_SERIOUS, st, "more than %zu payloads in message; ignored" , (sizeof(md->digest) / sizeof((md->digest)))); } else { llog(RC_LOG_SERIOUS, md->md_logger, "more than %zu payloads in message; ignored" , (sizeof(md->digest) / sizeof(*(md->digest)))); } }
2019	"more than %zu payloads in message; ignored",{ if (st != ((void)0)) { log_state(RC_LOG_SERIOUS, st, "more than %zu payloads in message; ignored" , (sizeof(md->digest) / sizeof((md->digest)))); } else { llog(RC_LOG_SERIOUS, md->md_logger, "more than %zu payloads in message; ignored" , (sizeof(md->digest) / sizeof(*(md->digest)))); } }
2020	elemsof(md->digest)){ if (st != ((void)0)) { log_state(RC_LOG_SERIOUS, st, "more than %zu payloads in message; ignored" , (sizeof(md->digest) / sizeof((md->digest)))); } else { llog(RC_LOG_SERIOUS, md->md_logger, "more than %zu payloads in message; ignored" , (sizeof(md->digest) / sizeof(*(md->digest)))); } };
2021	if (!md->encrypted) {
2022	SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED ); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2023	}
2024	return;
2025	}
2026	struct payload_digest *const pd = md->digest + md->digest_roof;
2027
2028	/*
2029	* only do this in main mode. In aggressive mode, there
2030	* is no negotiation of NAT-T method. Get it right.
2031	*/
2032	if (st != NULL((void)0) && st->st_connection != NULL((void)0) &&
2033	(st->st_connection->policy & POLICY_AGGRESSIVE((lset_t)1 << (POLICY_AGGRESSIVE_IX))) == LEMPTY((lset_t)0))
2034	{
2035	switch (np) {
2036	case ISAKMP_NEXT_NATD_RFC:
2037	case ISAKMP_NEXT_NATOA_RFC:
2038	if ((st->hidden_variables.st_nat_traversal & NAT_T_WITH_RFC_VALUES((lset_t)1 << (NAT_TRAVERSAL_METHOD_IETF_RFC))) == LEMPTY((lset_t)0)) {
2039	/*
2040	* don't accept NAT-D/NAT-OA reloc directly in message,
2041	* unless we're using NAT-T RFC
2042	*/
2043	lset_buf lb;
2044	dbg("st_nat_traversal was: %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("st_nat_traversal was: %s", str_lset(&natt_method_names , st->hidden_variables.st_nat_traversal, &lb)); } }
2045	str_lset(&natt_method_names,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("st_nat_traversal was: %s", str_lset(&natt_method_names , st->hidden_variables.st_nat_traversal, &lb)); } }
2046	st->hidden_variables.st_nat_traversal,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("st_nat_traversal was: %s", str_lset(&natt_method_names , st->hidden_variables.st_nat_traversal, &lb)); } }
2047	&lb)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("st_nat_traversal was: %s", str_lset(&natt_method_names , st->hidden_variables.st_nat_traversal, &lb)); } };
2048	sd = NULL((void*)0);
2049	}
2050	break;
2051	default:
2052	break;
2053	}
2054	}
2055
2056	if (sd == NULL((void*)0)) {
2057	/* payload type is out of range or requires special handling */
2058	switch (np) {
2059	case ISAKMP_NEXT_ID:
2060	/* ??? two kinds of ID payloads */
2061	sd = (IS_V1_PHASE1(from_state)(STATE_MAIN_R0 <= (from_state) && (from_state) <= STATE_AGGR_R2) \|\|
2062	IS_V1_PHASE15(from_state)(STATE_XAUTH_R0 <= (from_state) && (from_state) <= STATE_XAUTH_I1)) ?
2063	&isakmp_identification_desc :
2064	&isakmp_ipsec_identification_desc;
2065	break;
2066
2067	case ISAKMP_NEXT_NATD_DRAFTS: /* out of range */
2068	/*
2069	* ISAKMP_NEXT_NATD_DRAFTS was a private use type before RFC-3947.
2070	* Since it has the same format as ISAKMP_NEXT_NATD_RFC,
2071	* just rewrite np and sd, and carry on.
2072	*/
2073	np = ISAKMP_NEXT_NATD_RFC;
2074	sd = &isakmp_nat_d_drafts;
2075	break;
2076
2077	case ISAKMP_NEXT_NATOA_DRAFTS: /* out of range */
2078	/* NAT-OA was a private use type before RFC-3947 -- same format */
2079	np = ISAKMP_NEXT_NATOA_RFC;
2080	sd = &isakmp_nat_oa_drafts;
2081	break;
2082
2083	case ISAKMP_NEXT_SAK: /* or ISAKMP_NEXT_NATD_BADDRAFTS */
2084	/*
2085	* Official standards say that this is ISAKMP_NEXT_SAK,
2086	* a part of Group DOI, something we don't implement.
2087	* Old non-updated Cisco gear abused this number in ancient NAT drafts.
2088	* We ignore (rather than reject) this in support of people
2089	* with crufty Cisco machines.
2090	*/
2091	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage with unsupported payload ISAKMP_NEXT_SAK (or ISAKMP_NEXT_NATD_BADDRAFTS) ignored" , excuse); } else { llog(RC_LOG_SERIOUS, md->md_logger, "%smessage with unsupported payload ISAKMP_NEXT_SAK (or ISAKMP_NEXT_NATD_BADDRAFTS) ignored" , excuse); } }
2092	"%smessage with unsupported payload ISAKMP_NEXT_SAK (or ISAKMP_NEXT_NATD_BADDRAFTS) ignored",{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage with unsupported payload ISAKMP_NEXT_SAK (or ISAKMP_NEXT_NATD_BADDRAFTS) ignored" , excuse); } else { llog(RC_LOG_SERIOUS, md->md_logger, "%smessage with unsupported payload ISAKMP_NEXT_SAK (or ISAKMP_NEXT_NATD_BADDRAFTS) ignored" , excuse); } }
2093	excuse){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage with unsupported payload ISAKMP_NEXT_SAK (or ISAKMP_NEXT_NATD_BADDRAFTS) ignored" , excuse); } else { llog(RC_LOG_SERIOUS, md->md_logger, "%smessage with unsupported payload ISAKMP_NEXT_SAK (or ISAKMP_NEXT_NATD_BADDRAFTS) ignored" , excuse); } };
2094	/*
2095	* Hack to discard payload, whatever it was.
2096	* Since we are skipping the rest of the loop
2097	* body we must do some things ourself:
2098	* - demarshall the payload
2099	* - grab the next payload number (np)
2100	* - don't keep payload (don't increment pd)
2101	* - skip rest of loop body
2102	*/
2103	diag_t d = pbs_in_struct(&md->message_pbs, &isakmp_ignore_desc,
2104	&pd->payload, sizeof(pd->payload), &pd->pbs);
2105	if (d != NULL((void*)0)) {
2106	llog_diag(RC_LOG, st->st_logger, &d, "%s", "");
2107	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smalformed payload in packet" , excuse); } else { llog(RC_LOG_SERIOUS, md->md_logger, "%smalformed payload in packet" , excuse); } }
2108	"%smalformed payload in packet",{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smalformed payload in packet" , excuse); } else { llog(RC_LOG_SERIOUS, md->md_logger, "%smalformed payload in packet" , excuse); } }
2109	excuse){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smalformed payload in packet" , excuse); } else { llog(RC_LOG_SERIOUS, md->md_logger, "%smalformed payload in packet" , excuse); } };
2110	if (!md->encrypted) {
2111	SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED ); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2112	}
2113	return;
2114	}
2115	np = pd->payload.generic.isag_np;
2116	/* NOTE: we do not increment pd! */
2117	continue; /* skip rest of the loop */
2118
2119	default:
2120	{
2121	esb_buf b;
2122	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level" , excuse, enum_show(&ikev1_payload_names, np, &b)); } else { llog(RC_LOG_SERIOUS, md->md_logger, "%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level" , excuse, enum_show(&ikev1_payload_names, np, &b)); } }
2123	"%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level",{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level" , excuse, enum_show(&ikev1_payload_names, np, &b)); } else { llog(RC_LOG_SERIOUS, md->md_logger, "%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level" , excuse, enum_show(&ikev1_payload_names, np, &b)); } }
2124	excuse,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level" , excuse, enum_show(&ikev1_payload_names, np, &b)); } else { llog(RC_LOG_SERIOUS, md->md_logger, "%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level" , excuse, enum_show(&ikev1_payload_names, np, &b)); } }
2125	enum_show(&ikev1_payload_names, np, &b)){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level" , excuse, enum_show(&ikev1_payload_names, np, &b)); } else { llog(RC_LOG_SERIOUS, md->md_logger, "%smessage ignored because it contains an unknown or unexpected payload type (%s) at the outermost level" , excuse, enum_show(&ikev1_payload_names, np, &b)); } };
2126	if (!md->encrypted) {
2127	SEND_NOTIFICATION(INVALID_PAYLOAD_TYPE){ { const unsigned __pstat = (INVALID_PAYLOAD_TYPE); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, INVALID_PAYLOAD_TYPE ); else send_notification_from_md(md, INVALID_PAYLOAD_TYPE); };
2128	}
2129	return;
2130	}
2131	}
2132	passert(sd != NULL)({ _Bool assertion__ = sd != ((void)0); if (!assertion__) { where_t here = ({ static const struct where here = { .func = __func__ , .file = "programs/pluto/ikev1.c", .line = 2132, }; &here ; }); const struct logger logger_ = &failsafe_logger; llog_passert (logger_, here, "%s", "sd != ((void*)0)"); } (void) 1; });
2133	}
2134
2135	passert(np < LELEM_ROOF)({ _Bool assertion__ = np < 64; if (!assertion__) { where_t here = ({ static const struct where here = { .func = __func__ , .file = "programs/pluto/ikev1.c", .line = 2135, }; &here ; }); const struct logger *logger_ = &failsafe_logger; llog_passert (logger_, here, "%s", "np < 64"); } (void) 1; });
2136
2137	{
2138	lset_t s = LELEM(np)((lset_t)1 << (np));
2139
2140	if (LDISJOINT(s,(((s) & (needed \| smc->opt_payloads \| ((lset_t)1 << (ISAKMP_NEXT_VID)) \| ((lset_t)1 << (ISAKMP_NEXT_N)) \| ( (lset_t)1 << (ISAKMP_NEXT_D)) \| ((lset_t)1 << (ISAKMP_NEXT_CR )) \| ((lset_t)1 << (ISAKMP_NEXT_CERT)))) == ((lset_t)0) )
2141	needed \| smc->opt_payloads \|(((s) & (needed \| smc->opt_payloads \| ((lset_t)1 << (ISAKMP_NEXT_VID)) \| ((lset_t)1 << (ISAKMP_NEXT_N)) \| ( (lset_t)1 << (ISAKMP_NEXT_D)) \| ((lset_t)1 << (ISAKMP_NEXT_CR )) \| ((lset_t)1 << (ISAKMP_NEXT_CERT)))) == ((lset_t)0) )
2142	LELEM(ISAKMP_NEXT_VID) \|(((s) & (needed \| smc->opt_payloads \| ((lset_t)1 << (ISAKMP_NEXT_VID)) \| ((lset_t)1 << (ISAKMP_NEXT_N)) \| ( (lset_t)1 << (ISAKMP_NEXT_D)) \| ((lset_t)1 << (ISAKMP_NEXT_CR )) \| ((lset_t)1 << (ISAKMP_NEXT_CERT)))) == ((lset_t)0) )
2143	LELEM(ISAKMP_NEXT_N) \|(((s) & (needed \| smc->opt_payloads \| ((lset_t)1 << (ISAKMP_NEXT_VID)) \| ((lset_t)1 << (ISAKMP_NEXT_N)) \| ( (lset_t)1 << (ISAKMP_NEXT_D)) \| ((lset_t)1 << (ISAKMP_NEXT_CR )) \| ((lset_t)1 << (ISAKMP_NEXT_CERT)))) == ((lset_t)0) )
2144	LELEM(ISAKMP_NEXT_D) \|(((s) & (needed \| smc->opt_payloads \| ((lset_t)1 << (ISAKMP_NEXT_VID)) \| ((lset_t)1 << (ISAKMP_NEXT_N)) \| ( (lset_t)1 << (ISAKMP_NEXT_D)) \| ((lset_t)1 << (ISAKMP_NEXT_CR )) \| ((lset_t)1 << (ISAKMP_NEXT_CERT)))) == ((lset_t)0) )
2145	LELEM(ISAKMP_NEXT_CR) \|(((s) & (needed \| smc->opt_payloads \| ((lset_t)1 << (ISAKMP_NEXT_VID)) \| ((lset_t)1 << (ISAKMP_NEXT_N)) \| ( (lset_t)1 << (ISAKMP_NEXT_D)) \| ((lset_t)1 << (ISAKMP_NEXT_CR )) \| ((lset_t)1 << (ISAKMP_NEXT_CERT)))) == ((lset_t)0) )
2146	LELEM(ISAKMP_NEXT_CERT))(((s) & (needed \| smc->opt_payloads \| ((lset_t)1 << (ISAKMP_NEXT_VID)) \| ((lset_t)1 << (ISAKMP_NEXT_N)) \| ( (lset_t)1 << (ISAKMP_NEXT_D)) \| ((lset_t)1 << (ISAKMP_NEXT_CR )) \| ((lset_t)1 << (ISAKMP_NEXT_CERT)))) == ((lset_t)0) )) {
2147	esb_buf b;
2148	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains a payload type (%s) unexpected by state %s" , excuse, enum_show(&ikev1_payload_names, np, &b), finite_states [smc->state]->name); } else { llog(RC_LOG_SERIOUS, md-> md_logger, "%smessage ignored because it contains a payload type (%s) unexpected by state %s" , excuse, enum_show(&ikev1_payload_names, np, &b), finite_states [smc->state]->name); } }
2149	"%smessage ignored because it contains a payload type (%s) unexpected by state %s",{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains a payload type (%s) unexpected by state %s" , excuse, enum_show(&ikev1_payload_names, np, &b), finite_states [smc->state]->name); } else { llog(RC_LOG_SERIOUS, md-> md_logger, "%smessage ignored because it contains a payload type (%s) unexpected by state %s" , excuse, enum_show(&ikev1_payload_names, np, &b), finite_states [smc->state]->name); } }
2150	excuse,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains a payload type (%s) unexpected by state %s" , excuse, enum_show(&ikev1_payload_names, np, &b), finite_states [smc->state]->name); } else { llog(RC_LOG_SERIOUS, md-> md_logger, "%smessage ignored because it contains a payload type (%s) unexpected by state %s" , excuse, enum_show(&ikev1_payload_names, np, &b), finite_states [smc->state]->name); } }
2151	enum_show(&ikev1_payload_names, np, &b),{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains a payload type (%s) unexpected by state %s" , excuse, enum_show(&ikev1_payload_names, np, &b), finite_states [smc->state]->name); } else { llog(RC_LOG_SERIOUS, md-> md_logger, "%smessage ignored because it contains a payload type (%s) unexpected by state %s" , excuse, enum_show(&ikev1_payload_names, np, &b), finite_states [smc->state]->name); } }
2152	finite_states[smc->state]->name){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smessage ignored because it contains a payload type (%s) unexpected by state %s" , excuse, enum_show(&ikev1_payload_names, np, &b), finite_states [smc->state]->name); } else { llog(RC_LOG_SERIOUS, md-> md_logger, "%smessage ignored because it contains a payload type (%s) unexpected by state %s" , excuse, enum_show(&ikev1_payload_names, np, &b), finite_states [smc->state]->name); } };
2153	if (!md->encrypted) {
2154	SEND_NOTIFICATION(INVALID_PAYLOAD_TYPE){ { const unsigned __pstat = (INVALID_PAYLOAD_TYPE); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, INVALID_PAYLOAD_TYPE ); else send_notification_from_md(md, INVALID_PAYLOAD_TYPE); };
2155	}
2156	return;
2157	}
2158
2159	esb_buf b;
2160	dbg("got payload 0x%" PRIxLSET" (%s) needed: 0x%" PRIxLSET " opt: 0x%" PRIxLSET,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("got payload 0x%" "l" "x"" (%s) needed: 0x%" "l" "x" " opt: 0x%" "l" "x", s, enum_show(&ikev1_payload_names , np, &b), needed, smc->opt_payloads); } }
2161	s, enum_show(&ikev1_payload_names, np, &b),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("got payload 0x%" "l" "x"" (%s) needed: 0x%" "l" "x" " opt: 0x%" "l" "x", s, enum_show(&ikev1_payload_names , np, &b), needed, smc->opt_payloads); } }
2162	needed, smc->opt_payloads){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("got payload 0x%" "l" "x"" (%s) needed: 0x%" "l" "x" " opt: 0x%" "l" "x", s, enum_show(&ikev1_payload_names , np, &b), needed, smc->opt_payloads); } };
2163	needed &= ~s;
2164	}
2165
2166	/*
2167	* Read in the payload recording what type it
2168	* should be
2169	*/
2170	pd->payload_type = np;
2171	diag_t d = pbs_in_struct(&md->message_pbs, sd,
2172	&pd->payload, sizeof(pd->payload),
2173	&pd->pbs);
2174	if (d != NULL((void*)0)) {
2175	llog_diag(RC_LOG, st->st_logger, &d, "%s", "");
2176	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smalformed payload in packet" , excuse); } else { llog(RC_LOG_SERIOUS, md->md_logger, "%smalformed payload in packet" , excuse); } }
2177	"%smalformed payload in packet",{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smalformed payload in packet" , excuse); } else { llog(RC_LOG_SERIOUS, md->md_logger, "%smalformed payload in packet" , excuse); } }
2178	excuse){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "%smalformed payload in packet" , excuse); } else { llog(RC_LOG_SERIOUS, md->md_logger, "%smalformed payload in packet" , excuse); } };
2179	if (!md->encrypted) {
2180	SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED ); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2181	}
2182	return;
2183	}
2184
2185	/* do payload-type specific debugging */
2186	switch (np) {
2187	case ISAKMP_NEXT_ID:
2188	case ISAKMP_NEXT_NATOA_RFC:
2189	/* dump ID section */
2190	if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
2191	DBG_dump(" obj: ", pd->pbs.cur,
2192	pbs_left(&pd->pbs)((size_t)((&pd->pbs)->roof - (&pd->pbs)-> cur)));
2193	}
2194	break;
2195	default:
2196	break;
2197	}
2198
2199
2200	/*
2201	* Place payload at the end of the chain for this type.
2202	* This code appears in ikev1.c and ikev2.c.
2203	*/
2204	{
2205	/* np is a proper subscript for chain[] */
2206	passert(np < elemsof(md->chain))({ _Bool assertion__ = np < (sizeof(md->chain) / sizeof ((md->chain))); if (!assertion__) { where_t here = ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c" , .line = 2206, }; &here; }); const struct logger logger_ = &failsafe_logger; llog_passert(logger_, here, "%s", "np < (sizeof(md->chain) / sizeof(*(md->chain)))" ); } (void) 1; });
2207	struct payload_digest **p = &md->chain[np];
2208
2209	while (p != NULL((void)0))
2210	p = &(*p)->next;
2211	*p = pd;
2212	pd->next = NULL((void*)0);
2213	}
2214
2215	np = pd->payload.generic.isag_np;
2216	md->digest_roof++;
2217
2218	/* since we've digested one payload happily, it is probably
2219	* the case that any decryption worked. So we will not suggest
2220	* encryption failure as an excuse for subsequent payload
2221	* problems.
2222	*/
2223	excuse = "";
2224	}
2225
2226	if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX)))) &&
2227	pbs_left(&md->message_pbs)((size_t)((&md->message_pbs)->roof - (&md->message_pbs )->cur)) != 0) {
2228	DBG_log("removing %d bytes of padding",
2229	(int) pbs_left(&md->message_pbs)((size_t)((&md->message_pbs)->roof - (&md->message_pbs )->cur)));
2230	}
2231
2232	md->message_pbs.roof = md->message_pbs.cur;
2233
2234	/* check that all mandatory payloads appeared */
2235
2236	if (needed != 0) {
2237	LOG_PACKET_JAMBUF(RC_LOG_SERIOUS, buf)for (char lswbuf[((size_t)1024)], lswbuf_ = lswbuf; lswbuf_ != ((void)0); lswbuf_ = ((void)0)) for (struct jambuf jambuf = array_as_jambuf((lswbuf), sizeof(lswbuf)), buf = &jambuf ; buf != ((void)0); buf = ((void)0)) for (({ if (((RC_LOG_SERIOUS ) & NO_PREFIX) == ((lset_t)0) && (((RC_LOG_SERIOUS ) & STREAM_MASK) != DEBUG_STREAM \|\| (cur_debugging & ( ((lset_t)1 << (DBG_ADD_PREFIX_IX)))))) { ((st != ((void )0) ? st->st_logger : md->md_logger))->object_vec-> jam_object_prefix(buf, ((st != ((void)0) ? st->st_logger : md->md_logger))->object); } }); buf != ((void)0); jambuf_to_logger (buf, ((st != ((void)0) ? st->st_logger : md->md_logger )), RC_LOG_SERIOUS), buf = ((void*)0)) {
2238	jam(buf, "message for %s is missing payloads ",
2239	finite_states[from_state]->name);
2240	jam_lset_short(buf, &ikev1_payload_names, "+", needed);
2241	}
2242	if (!md->encrypted) {
2243	SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED ); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2244	}
2245	return;
2246	}
2247	}
2248
2249	if (!check_v1_HASH(smc->hash_type, smc->message, st, md)) {
2250	/SEND_NOTIFICATION(INVALID_HASH_INFORMATION);/
2251	return;
2252	}
2253
2254	/* more sanity checking: enforce most ordering constraints */
2255
2256	if (IS_V1_PHASE1(from_state)(STATE_MAIN_R0 <= (from_state) && (from_state) <= STATE_AGGR_R2) \|\| IS_V1_PHASE15(from_state)(STATE_XAUTH_R0 <= (from_state) && (from_state) <= STATE_XAUTH_I1)) {
2257	/* rfc2409: The Internet Key Exchange (IKE), 5 Exchanges:
2258	* "The SA payload MUST precede all other payloads in a phase 1 exchange."
2259	*/
2260	if (md->chain[ISAKMP_NEXT_SA] != NULL((void*)0) &&
2261	md->hdr.isa_np != ISAKMP_NEXT_SA) {
2262	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Phase 1 message: does not start with an SA payload" ); } else { llog(RC_LOG_SERIOUS, md->md_logger, "malformed Phase 1 message: does not start with an SA payload" ); } }
2263	"malformed Phase 1 message: does not start with an SA payload"){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Phase 1 message: does not start with an SA payload" ); } else { llog(RC_LOG_SERIOUS, md->md_logger, "malformed Phase 1 message: does not start with an SA payload" ); } };
2264	if (!md->encrypted) {
2265	SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED ); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2266	}
2267	return;
2268	}
2269	} else if (IS_V1_QUICK(from_state)(STATE_QUICK_R0 <= (from_state) && (from_state) <= STATE_QUICK_R2)) {
2270	/* rfc2409: The Internet Key Exchange (IKE), 5.5 Phase 2 - Quick Mode
2271	*
2272	* "In Quick Mode, a HASH payload MUST immediately follow the ISAKMP
2273	* header and a SA payload MUST immediately follow the HASH."
2274	* [NOTE: there may be more than one SA payload, so this is not
2275	* totally reasonable. Probably all SAs should be so constrained.]
2276	*
2277	* "If ISAKMP is acting as a client negotiator on behalf of another
2278	* party, the identities of the parties MUST be passed as IDci and
2279	* then IDcr."
2280	*
2281	* "With the exception of the HASH, SA, and the optional ID payloads,
2282	* there are no payload ordering restrictions on Quick Mode."
2283	*/
2284
2285	if (md->hdr.isa_np != ISAKMP_NEXT_HASH) {
2286	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Quick Mode message: does not start with a HASH payload" ); } else { llog(RC_LOG_SERIOUS, md->md_logger, "malformed Quick Mode message: does not start with a HASH payload" ); } }
2287	"malformed Quick Mode message: does not start with a HASH payload"){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Quick Mode message: does not start with a HASH payload" ); } else { llog(RC_LOG_SERIOUS, md->md_logger, "malformed Quick Mode message: does not start with a HASH payload" ); } };
2288	if (!md->encrypted) {
2289	SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED ); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2290	}
2291	return;
2292	}
2293
2294	{
2295	struct payload_digest *p;
2296	int i;
2297
2298	p = md->chain[ISAKMP_NEXT_SA];
2299	i = 1;
2300	while (p != NULL((void*)0)) {
2301	if (p != &md->digest[i]) {
2302	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Quick Mode message: SA payload is in wrong position" ); } else { llog(RC_LOG_SERIOUS, md->md_logger, "malformed Quick Mode message: SA payload is in wrong position" ); } }
2303	"malformed Quick Mode message: SA payload is in wrong position"){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Quick Mode message: SA payload is in wrong position" ); } else { llog(RC_LOG_SERIOUS, md->md_logger, "malformed Quick Mode message: SA payload is in wrong position" ); } };
2304	if (!md->encrypted) {
2305	SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED ); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2306	}
2307	return;
2308	}
2309	p = p->next;
2310	i++;
2311	}
2312	}
2313
2314	/* rfc2409: The Internet Key Exchange (IKE), 5.5 Phase 2 - Quick Mode:
2315	* "If ISAKMP is acting as a client negotiator on behalf of another
2316	* party, the identities of the parties MUST be passed as IDci and
2317	* then IDcr."
2318	*/
2319	{
2320	struct payload_digest *id = md->chain[ISAKMP_NEXT_ID];
2321
2322	if (id != NULL((void*)0)) {
2323	if (id->next == NULL((void*)0) \|\|
2324	id->next->next != NULL((void*)0)) {
2325	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Quick Mode message: if any ID payload is present, there must be exactly two" ); } else { llog(RC_LOG_SERIOUS, md->md_logger, "malformed Quick Mode message: if any ID payload is present, there must be exactly two" ); } }
2326	"malformed Quick Mode message: if any ID payload is present, there must be exactly two"){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Quick Mode message: if any ID payload is present, there must be exactly two" ); } else { llog(RC_LOG_SERIOUS, md->md_logger, "malformed Quick Mode message: if any ID payload is present, there must be exactly two" ); } };
2327	SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED ); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2328	return;
2329	}
2330	if (id + 1 != id->next) {
2331	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Quick Mode message: the ID payloads are not adjacent" ); } else { llog(RC_LOG_SERIOUS, md->md_logger, "malformed Quick Mode message: the ID payloads are not adjacent" ); } }
2332	"malformed Quick Mode message: the ID payloads are not adjacent"){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "malformed Quick Mode message: the ID payloads are not adjacent" ); } else { llog(RC_LOG_SERIOUS, md->md_logger, "malformed Quick Mode message: the ID payloads are not adjacent" ); } };
2333	SEND_NOTIFICATION(PAYLOAD_MALFORMED){ { const unsigned __pstat = (PAYLOAD_MALFORMED); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, PAYLOAD_MALFORMED ); else send_notification_from_md(md, PAYLOAD_MALFORMED); };
2334	return;
2335	}
2336	}
2337	}
2338	}
2339
2340	/*
2341	* Ignore payloads that we don't handle:
2342	*/
2343	/* XXX Handle Notifications */
2344	{
2345	struct payload_digest *p = md->chain[ISAKMP_NEXT_N];
2346
2347	while (p != NULL((void*)0)) {
2348	switch (p->payload.notification.isan_type) {
2349	case R_U_THERE:
2350	case R_U_THERE_ACK:
2351	case ISAKMP_N_CISCO_LOAD_BALANCE:
2352	case PAYLOAD_MALFORMED:
2353	case INVALID_MESSAGE_ID:
2354	case IPSEC_RESPONDER_LIFETIME:
2355	if (md->hdr.isa_xchg == ISAKMP_XCHG_INFO) {
2356	/* these are handled later on in informational() */
2357	break;
2358	}
2359	/* FALL THROUGH */
2360	default:
2361	if (st == NULL((void*)0)) {
2362	esb_buf b;
2363	dbg("ignoring informational payload %s, no corresponding state",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("ignoring informational payload %s, no corresponding state" , enum_show(& ikev1_notify_names, p->payload.notification .isan_type, &b)); } }
2364	enum_show(& ikev1_notify_names,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("ignoring informational payload %s, no corresponding state" , enum_show(& ikev1_notify_names, p->payload.notification .isan_type, &b)); } }
2365	p->payload.notification.isan_type, &b)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("ignoring informational payload %s, no corresponding state" , enum_show(& ikev1_notify_names, p->payload.notification .isan_type, &b)); } };
2366	} else {
2367	esb_buf b;
2368	LOG_PACKET(RC_LOG_SERIOUS,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "ignoring informational payload %s, msgid=%08" "x" ", length=%d", enum_show(&ikev1_notify_names, p-> payload.notification.isan_type, &b), st->st_v1_msgid.id , p->payload.notification.isan_length); } else { llog(RC_LOG_SERIOUS , md->md_logger, "ignoring informational payload %s, msgid=%08" "x" ", length=%d", enum_show(&ikev1_notify_names, p-> payload.notification.isan_type, &b), st->st_v1_msgid.id , p->payload.notification.isan_length); } }
2369	"ignoring informational payload %s, msgid=%08" PRIx32 ", length=%d",{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "ignoring informational payload %s, msgid=%08" "x" ", length=%d", enum_show(&ikev1_notify_names, p-> payload.notification.isan_type, &b), st->st_v1_msgid.id , p->payload.notification.isan_length); } else { llog(RC_LOG_SERIOUS , md->md_logger, "ignoring informational payload %s, msgid=%08" "x" ", length=%d", enum_show(&ikev1_notify_names, p-> payload.notification.isan_type, &b), st->st_v1_msgid.id , p->payload.notification.isan_length); } }
2370	enum_show(&ikev1_notify_names,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "ignoring informational payload %s, msgid=%08" "x" ", length=%d", enum_show(&ikev1_notify_names, p-> payload.notification.isan_type, &b), st->st_v1_msgid.id , p->payload.notification.isan_length); } else { llog(RC_LOG_SERIOUS , md->md_logger, "ignoring informational payload %s, msgid=%08" "x" ", length=%d", enum_show(&ikev1_notify_names, p-> payload.notification.isan_type, &b), st->st_v1_msgid.id , p->payload.notification.isan_length); } }
2371	p->payload.notification.isan_type,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "ignoring informational payload %s, msgid=%08" "x" ", length=%d", enum_show(&ikev1_notify_names, p-> payload.notification.isan_type, &b), st->st_v1_msgid.id , p->payload.notification.isan_length); } else { llog(RC_LOG_SERIOUS , md->md_logger, "ignoring informational payload %s, msgid=%08" "x" ", length=%d", enum_show(&ikev1_notify_names, p-> payload.notification.isan_type, &b), st->st_v1_msgid.id , p->payload.notification.isan_length); } }
2372	&b),{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "ignoring informational payload %s, msgid=%08" "x" ", length=%d", enum_show(&ikev1_notify_names, p-> payload.notification.isan_type, &b), st->st_v1_msgid.id , p->payload.notification.isan_length); } else { llog(RC_LOG_SERIOUS , md->md_logger, "ignoring informational payload %s, msgid=%08" "x" ", length=%d", enum_show(&ikev1_notify_names, p-> payload.notification.isan_type, &b), st->st_v1_msgid.id , p->payload.notification.isan_length); } }
2373	st->st_v1_msgid.id,{ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "ignoring informational payload %s, msgid=%08" "x" ", length=%d", enum_show(&ikev1_notify_names, p-> payload.notification.isan_type, &b), st->st_v1_msgid.id , p->payload.notification.isan_length); } else { llog(RC_LOG_SERIOUS , md->md_logger, "ignoring informational payload %s, msgid=%08" "x" ", length=%d", enum_show(&ikev1_notify_names, p-> payload.notification.isan_type, &b), st->st_v1_msgid.id , p->payload.notification.isan_length); } }
2374	p->payload.notification.isan_length){ if (st != ((void*)0)) { log_state(RC_LOG_SERIOUS, st, "ignoring informational payload %s, msgid=%08" "x" ", length=%d", enum_show(&ikev1_notify_names, p-> payload.notification.isan_type, &b), st->st_v1_msgid.id , p->payload.notification.isan_length); } else { llog(RC_LOG_SERIOUS , md->md_logger, "ignoring informational payload %s, msgid=%08" "x" ", length=%d", enum_show(&ikev1_notify_names, p-> payload.notification.isan_type, &b), st->st_v1_msgid.id , p->payload.notification.isan_length); } };
2375	if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
2376	DBG_dump_pbs(&p->pbs)DBG_dump((&p->pbs)->name, (&p->pbs)->start , ((size_t)((&p->pbs)->cur - (&p->pbs)->start )));
2377	}
2378	}
2379	}
2380	if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
2381	DBG_dump("info:", p->pbs.cur,
2382	pbs_left(&p->pbs)((size_t)((&p->pbs)->roof - (&p->pbs)->cur )));
2383	}
2384
2385	p = p->next;
2386	}
2387
2388	p = md->chain[ISAKMP_NEXT_D];
2389	while (p != NULL((void*)0)) {
2390	self_delete \|= accept_delete(md, p);
2391	if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
2392	DBG_dump("del:", p->pbs.cur,
2393	pbs_left(&p->pbs)((size_t)((&p->pbs)->roof - (&p->pbs)->cur )));
2394	}
2395	if (md->v1_st != st) {
2396	pexpect(md->v1_st == NULL)({ _Bool assertion__ = md->v1_st == ((void)0); if (!assertion__ ) { where_t here_ = ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 2396, } ; &here; }); const struct logger logger_ = &failsafe_logger ; llog_pexpect(logger_, here_, "%s", "md->v1_st == ((void*)0)" ); } assertion__; });
2397	dbg("zapping ST as accept_delete() zapped MD.ST"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("zapping ST as accept_delete() zapped MD.ST"); } };
2398	st = md->v1_st;
2399	}
2400	p = p->next;
2401	}
2402
2403	p = md->chain[ISAKMP_NEXT_VID];
2404	while (p != NULL((void*)0)) {
2405	handle_vendorid(md, (char *)p->pbs.cur,
2406	pbs_left(&p->pbs)((size_t)((&p->pbs)->roof - (&p->pbs)->cur )), false0,
2407	st != NULL((void*)0) ? st->st_logger : md->md_logger);
2408	p = p->next;
2409	}
2410	}
2411
2412	if (self_delete) {
2413	accept_self_delete(md);
2414	st = md->v1_st;
2415	/* note: st ought to be NULL from here on */
2416	}
2417
2418	pexpect(st == md->v1_st)({ _Bool assertion__ = st == md->v1_st; if (!assertion__) { where_t here_ = ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 2418, }; &here; }); const struct logger *logger_ = &failsafe_logger ; llog_pexpect(logger_, here_, "%s", "st == md->v1_st"); } assertion__; });
2419	statetime_t start = statetime_start(md->v1_st);
2420	/*
2421	* XXX: danger - the .informational() processor deletes ST;
2422	* and then tunnels this loss through MD.ST.
2423	*/
2424	stf_status e =smc->processor(st, md);
2425	complete_v1_state_transition(md->v1_st, md, e);
2426	statetime_stop(&start, "%s()", __func__);
2427	/* our caller will release_any_md(mdp); */
2428	}
2429
2430	/*
2431	* replace previous receive packet with latest, to update
2432	* our notion of a retransmitted packet. This is important
2433	* to do, even for failing transitions, and suspended transitions
2434	* because the sender may well retransmit their request.
2435	* We had better be idempotent since we can be called
2436	* multiple times in handling a packet due to crypto helper logic.
2437	*/
2438	static void remember_received_packet(struct state st, struct msg_digest md)
2439	{
2440	if (md->encrypted) {
2441	/* if encrypted, duplication already done */
2442	if (md->raw_packet.ptr != NULL((void*)0)) {
2443	pfreeany(st->st_v1_rpacket.ptr){ typeof(st->st_v1_rpacket.ptr) pp_ = &(st->st_v1_rpacket .ptr); if (pp_ != ((void)0)) { pfree(pp_); pp_ = ((void) 0); } };
2444	st->st_v1_rpacket = md->raw_packet;
2445	md->raw_packet = EMPTY_CHUNK((const chunk_t) { .ptr = ((void*)0), .len = 0 });
2446	}
2447	} else {
2448	/* this may be a repeat, but it will work */
2449	replace_chunk(&st->st_v1_rpacket,
2450	clone_bytes_as_chunk(md->packet_pbs.start,
2451	pbs_room(&md->packet_pbs)((size_t)((&md->packet_pbs)->roof - (&md->packet_pbs )->start)),
2452	"raw packet"));
2453	}
2454	}
2455
2456	static void jam_v1_ipsec_details(struct jambuf buf, struct state st)
2457	{
2458	struct connection *const c = st->st_connection;
2459	jam_string(buf, c->policy & POLICY_TUNNEL((lset_t)1 << (POLICY_TUNNEL_IX)) ? "tunnel mode" : "transport mode");
2460	jam(buf, " ");
2461	jam_child_sa_details(buf, st);
2462	}
2463
2464	static void jam_v1_isakmp_details(struct jambuf buf, struct state st)
2465	{
2466	jam_parent_sa_details(buf, st);
2467	}
2468
2469	/* complete job started by the state-specific state transition function
2470	*
2471	* This routine will not release_any_md(mdp). It is expected that its
2472	* caller will do this. In fact, it will zap *mdp to NULL if it thinks
2473	* **mdp should not be freed. So the caller should be prepared for
2474	* *mdp being set to NULL.
2475	*
2476	* md is used to:
2477	* - find st
2478	* - find from_state (st might be gone)
2479	* - find note for STF_FAIL (might not be part of result (STF_FAIL+note))
2480	* - find note for STF_INTERNAL_ERROR
2481	* - record md->event_already_set
2482	* - remember_received_packet(st, md);
2483	* - nat_traversal_change_port_lookup(md, st);
2484	* - smc for smc->next_state
2485	* - smc for smc->flags & SMF_REPLY to trigger a reply
2486	* - smc for smc->timeout_event
2487	* - smc for !(smc->flags & SMF_INITIATOR) for Contivity mode
2488	* - smc for smc->flags & SMF_RELEASE_PENDING_P2 to trigger unpend call
2489	* - smc for smc->flags & SMF_INITIATOR to adjust retransmission
2490	* - fragvid, dpd, nortel
2491	*/
2492	void complete_v1_state_transition(struct state st, struct msg_digest md, stf_status result)
2493	{
2494	/* handle oddball/meta results now */
2495
2496	/*
2497	* statistics; lump all FAILs together
2498	*
2499	* Fun fact: using min() stupidly fails (at least in GCC 8.1.1 with -Werror=sign-compare)
2500	* error: comparison of integer expressions of different signedness: `stf_status' {aka `enum <anonymous>'} and `int'
2501	*/
2502	pstats(ike_stf, PMIN(result, STF_FAIL)){ const unsigned __pstat = (((result) <= (STF_FAIL) ? (result ) : (STF_FAIL))); if (__pstat < (sizeof(pstats_ike_stf) / sizeof (*(pstats_ike_stf)))) { pstats_ike_stf[__pstat]++; } else if ( (cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d", "ike_stf", __pstat); } };
2503
2504	dbg("complete v1 state transition with %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("complete v1 state transition with %s", result > STF_FAIL ? enum_name(&ikev1_notify_names, result - STF_FAIL ) : enum_name(&stf_status_names, result)); } }
2505	result > STF_FAIL ?{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("complete v1 state transition with %s", result > STF_FAIL ? enum_name(&ikev1_notify_names, result - STF_FAIL ) : enum_name(&stf_status_names, result)); } }
2506	enum_name(&ikev1_notify_names, result - STF_FAIL) :{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("complete v1 state transition with %s", result > STF_FAIL ? enum_name(&ikev1_notify_names, result - STF_FAIL ) : enum_name(&stf_status_names, result)); } }
2507	enum_name(&stf_status_names, result)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("complete v1 state transition with %s", result > STF_FAIL ? enum_name(&ikev1_notify_names, result - STF_FAIL ) : enum_name(&stf_status_names, result)); } };
2508
2509	switch (result) {
2510	case STF_SUSPEND:
2511	/*
2512	* If this transition was triggered by an incoming
2513	* packet, save it.
2514	*
2515	* XXX: some initiator code creates a fake MD (there
2516	* isn't a real one); save that as well.
2517	*/
2518	passert(md != NULL)({ _Bool assertion__ = md != ((void)0); if (!assertion__) { where_t here = ({ static const struct where here = { .func = __func__ , .file = "programs/pluto/ikev1.c", .line = 2518, }; &here ; }); const struct logger logger_ = &failsafe_logger; llog_passert (logger_, here, "%s", "md != ((void*)0)"); } (void) 1; });
2519	suspend_any_md(md->v1_st, md){ if (md != ((void)0)) { { if ((cur_debugging & (((lset_t )1 << (DBG_BASE_IX))))) { DBG_log("suspending state #%lu and saving MD %p" , (md->v1_st)->st_serialno, md); } }; ({ _Bool assertion__ = (md->v1_st)->st_suspended_md == ((void)0); if (!assertion__ ) { where_t here = ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 2519, } ; &here; }); const struct logger logger_ = &failsafe_logger ; llog_passert(logger_, here, "%s", "(md->v1_st)->st_suspended_md == ((void)0)" ); } (void) 1; }); (md->v1_st)->st_suspended_md = md_addref (md, ({ static const struct where here = { .func = __func__, . file = "programs/pluto/ikev1.c", .line = 2519, }; &here; } )); (md->v1_st)->st_suspended_md_func = __func__; (md-> v1_st)->st_suspended_md_line = 2519; ({ _Bool assertion__ = state_is_busy(md->v1_st); if (!assertion__) { where_t here = ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 2519, }; &here; }); const struct logger *logger_ = &failsafe_logger; llog_passert( logger_, here, "%s", "state_is_busy(md->v1_st)"); } (void) 1; }); } else { { if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("no MD to suspend"); } }; } };
2520	return;
2521	case STF_IGNORE:
2522	/* note: md might be NULL */
2523	return;
2524	default:
2525	passert(md != NULL)({ _Bool assertion__ = md != ((void)0); if (!assertion__) { where_t here = ({ static const struct where here = { .func = __func__ , .file = "programs/pluto/ikev1.c", .line = 2525, }; &here ; }); const struct logger logger_ = &failsafe_logger; llog_passert (logger_, here, "%s", "md != ((void*)0)"); } (void) 1; });
2526	break;
2527	}
2528
2529	/* safe to refer to md /
2530
2531	enum state_kind from_state = md->smc->state;
2532	st = md->v1_st;
2533
2534	passert(st != NULL)({ _Bool assertion__ = st != ((void)0); if (!assertion__) { where_t here = ({ static const struct where here = { .func = __func__ , .file = "programs/pluto/ikev1.c", .line = 2534, }; &here ; }); const struct logger logger_ = &failsafe_logger; llog_passert (logger_, here, "%s", "st != ((void*)0)"); } (void) 1; });
2535	pexpect(!state_is_busy(st))({ _Bool assertion__ = !state_is_busy(st); if (!assertion__) { where_t here_ = ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 2535, }; &here; }); const struct logger *logger_ = &failsafe_logger ; llog_pexpect(logger_, here_, "%s", "!state_is_busy(st)"); } assertion__; });
2536
2537	if (result > STF_OK) {
2538	linux_audit_conn(md->v1_st, IS_V1_ISAKMP_SA_ESTABLISHED(md->v1_st)((((lset_t)1 << ((md->v1_st)->st_state->kind)) & (((lset_t)1 << (STATE_MAIN_R3)) \| ((lset_t)1 << (STATE_MAIN_I4)) \| ((lset_t)1 << (STATE_AGGR_I2)) \| (( lset_t)1 << (STATE_AGGR_R2)) \| ((lset_t)1 << (STATE_XAUTH_R0 )) \| ((lset_t)1 << (STATE_XAUTH_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R0)) \| ((lset_t)1 << (STATE_MODE_CFG_R1 )) \| ((lset_t)1 << (STATE_MODE_CFG_R2)) \| ((lset_t)1 << (STATE_MODE_CFG_I1)) \| ((lset_t)1 << (STATE_XAUTH_I0)) \| ((lset_t)1 << (STATE_XAUTH_I1)))) != ((lset_t)0)) ? LAK_CHILD_FAIL : LAK_PARENT_FAIL);
2539	}
2540
2541	switch (result) {
2542	case STF_OK:
2543	{
2544	/* advance the state */
2545	const struct state_v1_microcode *smc = md->smc;
2546
2547	dbg("doing_xauth:%s, t_xauth_client_done:%s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("doing_xauth:%s, t_xauth_client_done:%s", bool_str (st->st_oakley.doing_xauth), bool_str(st->hidden_variables .st_xauth_client_done)); } }
2548	bool_str(st->st_oakley.doing_xauth),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("doing_xauth:%s, t_xauth_client_done:%s", bool_str (st->st_oakley.doing_xauth), bool_str(st->hidden_variables .st_xauth_client_done)); } }
2549	bool_str(st->hidden_variables.st_xauth_client_done)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("doing_xauth:%s, t_xauth_client_done:%s", bool_str (st->st_oakley.doing_xauth), bool_str(st->hidden_variables .st_xauth_client_done)); } };
2550
2551	/* accept info from VID because we accept this message */
2552
2553	/*
2554	* Most of below VIDs only appear Main/Aggr mode, not Quick mode,
2555	* so why are we checking them for each state transition?
2556	*/
2557
2558	if (md->fragvid) {
2559	dbg("peer supports fragmentation"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("peer supports fragmentation"); } };
2560	st->st_seen_fragmentation_supported = true1;
2561	}
2562
2563	if (md->dpd) {
2564	dbg("peer supports DPD"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("peer supports DPD"); } };
2565	st->hidden_variables.st_peer_supports_dpd = true1;
2566	if (dpd_active_locally(st)) {
2567	dbg("DPD is configured locally"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("DPD is configured locally"); } };
2568	}
2569	}
2570
2571	/* If state has VID_NORTEL, import it to activate workaround */
2572	if (md->nortel) {
2573	dbg("peer requires Nortel Contivity workaround"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("peer requires Nortel Contivity workaround"); } };
2574	st->st_seen_nortel_vid = true1;
2575	}
2576
2577	if (!st->st_v1_msgid.reserved &&
2578	IS_CHILD_SA(st)((st)->st_clonedfrom != 0) &&
2579	st->st_v1_msgid.id != v1_MAINMODE_MSGID((msgid_t) 0)) {
2580	struct state *p1st = state_with_serialno(
2581	st->st_clonedfrom);
2582
2583	if (p1st != NULL((void*)0)) {
2584	/* do message ID reservation */
2585	reserve_msgid(p1st, st->st_v1_msgid.id);
2586	}
2587
2588	st->st_v1_msgid.reserved = true1;
2589	}
2590
2591	dbg("IKEv1: transition from state %s to state %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("IKEv1: transition from state %s to state %s", finite_states[from_state]->name, finite_states[smc->next_state ]->name); } }
2592	finite_states[from_state]->name,{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("IKEv1: transition from state %s to state %s", finite_states[from_state]->name, finite_states[smc->next_state ]->name); } }
2593	finite_states[smc->next_state]->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("IKEv1: transition from state %s to state %s", finite_states[from_state]->name, finite_states[smc->next_state ]->name); } };
2594
2595	change_state(st, smc->next_state);
2596
2597	/*
2598	* XAUTH negotiation without ModeCFG cannot follow the regular
2599	* state machine change as it cannot be determined if the CFG
2600	* payload is "XAUTH OK, no ModeCFG" or "XAUTH OK, expect
2601	* ModeCFG". To the smc, these two cases look identical. So we
2602	* have an ad hoc state change here for the case where
2603	* we have XAUTH but not ModeCFG. We move it to the established
2604	* state, so the regular state machine picks up the Quick Mode.
2605	*/
2606	if (st->st_connection->spd.this.xauth_client &&
2607	st->hidden_variables.st_xauth_client_done &&
2608	!st->st_connection->spd.this.modecfg_client &&
2609	st->st_state->kind == STATE_XAUTH_I1)
2610	{
2611	bool_Bool aggrmode = LHAS(st->st_connection->policy, POLICY_AGGRESSIVE_IX)(((st->st_connection->policy) & ((lset_t)1 << (POLICY_AGGRESSIVE_IX))) != ((lset_t)0));
2612
2613	log_state(RC_LOG, st, "XAUTH completed; ModeCFG skipped as per configuration");
2614	change_state(st, aggrmode ? STATE_AGGR_I2 : STATE_MAIN_I4);
2615	st->st_v1_msgid.phase15 = v1_MAINMODE_MSGID((msgid_t) 0);
2616	}
2617
2618	/* Schedule for whatever timeout is specified */
2619	if (!md->event_already_set) {
2620	/*
2621	* This md variable is hardly ever set.
2622	* Only deals with v1 <-> v2 switching
2623	* which will be removed in the near future anyway
2624	* (PW 2017 Oct 8)
2625	*/
2626	dbg("event_already_set, deleting event"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("event_already_set, deleting event"); } };
2627	/*
2628	* Delete previous retransmission event.
2629	* New event will be scheduled below.
2630	*/
2631	delete_event(st);
2632	clear_retransmits(st);
2633	}
2634
2635	/* Delete IKE fragments */
2636	free_v1_message_queues(st);
2637
2638	/* scrub the previous packet exchange */
2639	free_chunk_content(&st->st_v1_rpacket);
2640	free_chunk_content(&st->st_v1_tpacket);
2641
2642	/* in aggressive mode, there will be no reply packet in transition
2643	* from STATE_AGGR_R1 to STATE_AGGR_R2
2644	*/
2645	if (nat_traversal_enabled && st->st_connection->ikev1_natt != NATT_NONE) {
2646	/* adjust our destination port if necessary */
2647	nat_traversal_change_port_lookup(md, st);
2648	v1_maybe_natify_initiator_endpoints(st, HERE({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 2648, }; &here; }));
2649	}
2650
2651	/*
2652	* Save both the received packet, and this
2653	* state-transition.
2654	*
2655	* Only when the (last) state transition was a "reply"
2656	* should a duplicate packet trigger a retransmit
2657	* (else they get discarded).
2658	*
2659	* XXX: .st_state .fs_flags & SMF_REPLY can't
2660	* be used because it contains flags for the new state
2661	* not the old-to-new state transition.
2662	*/
2663	remember_received_packet(st, md);
2664	st->st_v1_last_transition = md->smc;
2665
2666	/* if requested, send the new reply packet */
2667	if (smc->flags & SMF_REPLY((lset_t)1 << (OAKLEY_AUTH_ROOF + 5))) {
2668	endpoint_buf b;
2669	endpoint_buf b2;
2670	pexpect_st_local_endpoint(st);
2671	dbg("sending reply packet to %s (from %s)",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("sending reply packet to %s (from %s)", str_endpoint (&st->st_remote_endpoint, &b), str_endpoint(&st ->st_interface->local_endpoint, &b2)); } }
2672	str_endpoint(&st->st_remote_endpoint, &b),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("sending reply packet to %s (from %s)", str_endpoint (&st->st_remote_endpoint, &b), str_endpoint(&st ->st_interface->local_endpoint, &b2)); } }
2673	str_endpoint(&st->st_interface->local_endpoint, &b2)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("sending reply packet to %s (from %s)", str_endpoint (&st->st_remote_endpoint, &b), str_endpoint(&st ->st_interface->local_endpoint, &b2)); } };
2674
2675	close_output_pbs(&reply_stream); /* good form, but actually a no-op */
2676
2677	if (st->st_state->kind == STATE_MAIN_R2 &&
2678	impair.send_no_main_r2) {
2679	/* record-only so we properly emulate packet drop */
2680	record_outbound_v1_ike_msg(st, &reply_stream,
2681	finite_states[from_state]->name);
2682	log_state(RC_LOG, st, "IMPAIR: Skipped sending STATE_MAIN_R2 response packet");
2683	} else {
2684	record_and_send_v1_ike_msg(st, &reply_stream,
2685	finite_states[from_state]->name);
2686	}
2687	}
2688
2689	/* Schedule for whatever timeout is specified */
2690	if (!md->event_already_set) {
2691	dbg("!event_already_set at reschedule"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("!event_already_set at reschedule"); } };
2692	intmax_t delay_ms; /* delay is in milliseconds here */
2693	enum event_type kind = smc->timeout_event;
2694	bool_Bool agreed_time = false0;
2695	struct connection *c = st->st_connection;
2696
2697	/* fixup in case of state machine jump for xauth without modecfg */
2698	if (c->spd.this.xauth_client &&
2699	st->hidden_variables.st_xauth_client_done &&
2700	!c->spd.this.modecfg_client &&
2701	(st->st_state->kind == STATE_MAIN_I4 \|\| st->st_state->kind == STATE_AGGR_I2))
2702	{
2703	dbg("fixup XAUTH without ModeCFG event from EVENT_RETRANSMIT to EVENT_SA_REPLACE"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("fixup XAUTH without ModeCFG event from EVENT_RETRANSMIT to EVENT_SA_REPLACE" ); } };
2704	kind = EVENT_SA_REPLACE;
2705	}
2706
2707	switch (kind) {
2708	case EVENT_RETRANSMIT: /* Retransmit packet */
2709	start_retransmits(st);
2710	break;
2711
2712	case EVENT_SA_REPLACE: /* SA replacement event */
2713	if (IS_V1_PHASE1(st->st_state->kind)(STATE_MAIN_R0 <= (st->st_state->kind) && (st ->st_state->kind) <= STATE_AGGR_R2) \|\|
2714	IS_V1_PHASE15(st->st_state->kind)(STATE_XAUTH_R0 <= (st->st_state->kind) && ( st->st_state->kind) <= STATE_XAUTH_I1)) {
2715	/* Note: we will defer to the "negotiated" (dictated)
2716	* lifetime if we are POLICY_DONT_REKEY.
2717	* This allows the other side to dictate
2718	* a time we would not otherwise accept
2719	* but it prevents us from having to initiate
2720	* rekeying. The negative consequences seem
2721	* minor.
2722	*/
2723	delay_ms = deltamillisecs(c->sa_ike_life_seconds);
2724	if ((c->policy & POLICY_DONT_REKEY((lset_t)1 << (POLICY_DONT_REKEY_IX))) \|\|
2725	delay_ms >= deltamillisecs(st->st_oakley.life_seconds))
2726	{
2727	agreed_time = true1;
2728	delay_ms = deltamillisecs(st->st_oakley.life_seconds);
2729	}
2730	} else {
2731	/* Delay is min of up to four things:
2732	* each can limit the lifetime.
2733	*/
2734	time_t delay = deltasecs(c->sa_ipsec_life_seconds);
2735
2736	#define clamp_delay(trans) { \
2737	if (st->trans.present && \
2738	delay >= deltasecs(st->trans.attrs.life_seconds)) { \
2739	agreed_time = true1; \
2740	delay = deltasecs(st->trans.attrs.life_seconds); \
2741	} \
2742	}
2743	clamp_delay(st_ah);
2744	clamp_delay(st_esp);
2745	clamp_delay(st_ipcomp);
2746	delay_ms = delay * 1000;
2747	#undef clamp_delay
2748	}
2749
2750	/* By default, we plan to rekey.
2751	*
2752	* If there isn't enough time to rekey, plan to
2753	* expire.
2754	*
2755	* If we are --dontrekey, a lot more rules apply.
2756	* If we are the Initiator, use REPLACE_IF_USED.
2757	* If we are the Responder, and the dictated time
2758	* was unacceptable (too large), plan to REPLACE
2759	* (the only way to ratchet down the time).
2760	* If we are the Responder, and the dictated time
2761	* is acceptable, plan to EXPIRE.
2762	*
2763	* Important policy lies buried here.
2764	* For example, we favour the initiator over the
2765	* responder by making the initiator start rekeying
2766	* sooner. Also, fuzz is only added to the
2767	* initiator's margin.
2768	*
2769	* Note: for ISAKMP SA, we let the negotiated
2770	* time stand (implemented by earlier logic).
2771	*/
2772	if (agreed_time &&
2773	(c->policy & POLICY_DONT_REKEY((lset_t)1 << (POLICY_DONT_REKEY_IX)))) {
2774	kind = (smc->flags & SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0))) ?
2775	EVENT_v1_REPLACE_IF_USED :
2776	EVENT_SA_EXPIRE;
2777	}
2778	if (kind != EVENT_SA_EXPIRE) {
2779	time_t marg =
2780	deltasecs(c->sa_rekey_margin);
2781
2782	if (smc->flags & SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0))) {
2783	marg += marg *
2784	c->sa_rekey_fuzz /
2785	100.E0 *
2786	(rand() /
2787	(RAND_MAX2147483647 + 1.E0));
2788	} else {
2789	marg /= 2;
2790	}
2791
2792	if (delay_ms > marg * 1000) {
2793	delay_ms -= marg * 1000;
2794	st->st_replace_margin = deltatime(marg);
2795	} else {
2796	kind = EVENT_SA_EXPIRE;
2797	}
2798	}
2799	/* XXX: DELAY_MS should be a deltatime_t */
2800	event_schedule(kind, deltatime_ms(delay_ms), st);
2801	break;
2802
2803	case EVENT_SA_DISCARD:
2804	event_schedule(EVENT_SA_DISCARD, c->config->retransmit_timeout, st);
2805	break;
2806
2807	default:
2808	bad_case(kind)libreswan_bad_case("kind", (kind), ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 2808, }; &here; }));
2809	}
2810	}
2811
2812	/* tell whack and log of progress */
2813	{
2814	enum rc_type w;
2815	void (jam_details)(struct jambuf buf, struct state *st);
2816
2817	if (IS_IPSEC_SA_ESTABLISHED(st)(((st)->st_clonedfrom != 0) && (((st)->st_state ->kind) == STATE_QUICK_I2 \|\| ((st)->st_state->kind) == STATE_QUICK_R1 \|\| ((st)->st_state->kind) == STATE_QUICK_R2 \|\| ((st)->st_state->kind) == STATE_V2_ESTABLISHED_CHILD_SA ))) {
2818	pstat_sa_established(st);
2819	jam_details = jam_v1_ipsec_details;
2820	w = RC_SUCCESS; /* log our success */
2821	} else if (IS_V1_ISAKMP_SA_ESTABLISHED(st)((((lset_t)1 << ((st)->st_state->kind)) & ((( lset_t)1 << (STATE_MAIN_R3)) \| ((lset_t)1 << (STATE_MAIN_I4 )) \| ((lset_t)1 << (STATE_AGGR_I2)) \| ((lset_t)1 << (STATE_AGGR_R2)) \| ((lset_t)1 << (STATE_XAUTH_R0)) \| ( (lset_t)1 << (STATE_XAUTH_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R0 )) \| ((lset_t)1 << (STATE_MODE_CFG_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R2)) \| ((lset_t)1 << (STATE_MODE_CFG_I1 )) \| ((lset_t)1 << (STATE_XAUTH_I0)) \| ((lset_t)1 << (STATE_XAUTH_I1)))) != ((lset_t)0))) {
2822	pstat_sa_established(st);
2823	jam_details = jam_v1_isakmp_details;
2824	w = RC_SUCCESS; /* log our success */
2825	} else {
2826	jam_details = NULL((void*)0);
2827	w = RC_NEW_V1_STATE + st->st_state->kind;
2828	}
2829
2830	passert(st->st_state->kind < STATE_IKEv1_ROOF)({ _Bool assertion__ = st->st_state->kind < STATE_IKEv1_ROOF ; if (!assertion__) { where_t here = ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 2830, }; &here; }); const struct logger *logger_ = &failsafe_logger; llog_passert(logger_, here, "%s", "st->st_state->kind < STATE_IKEv1_ROOF" ); } (void) 1; });
2831
2832	/* tell whack and logs our progress */
2833	LLOG_JAMBUF(w, st->st_logger, buf)for (char lswbuf[((size_t)1024)], lswbuf_ = lswbuf; lswbuf_ != ((void)0); lswbuf_ = ((void)0)) for (struct jambuf jambuf = array_as_jambuf((lswbuf), sizeof(lswbuf)), buf = &jambuf ; buf != ((void)0); buf = ((void)0)) for (({ if (((w) & NO_PREFIX) == ((lset_t)0) && (((w) & STREAM_MASK ) != DEBUG_STREAM \|\| (cur_debugging & (((lset_t)1 << (DBG_ADD_PREFIX_IX)))))) { (st->st_logger)->object_vec ->jam_object_prefix(buf, (st->st_logger)->object); } }); buf != ((void)0); jambuf_to_logger(buf, (st->st_logger ), w), buf = ((void)0)) {
2834	jam(buf, "%s", st->st_state->story);
2835	/* document SA details for admin's pleasure */
2836	if (jam_details != NULL((void*)0)) {
2837	jam(buf, " ");
2838	jam_details(buf, st);
2839	}
2840	}
2841	}
2842
2843	/*
2844	* make sure that a DPD event gets created for a new phase 1
2845	* SA.
2846	* Why do we need a DPD event on an IKE SA???
2847	*/
2848	if (IS_V1_ISAKMP_SA_ESTABLISHED(st)((((lset_t)1 << ((st)->st_state->kind)) & ((( lset_t)1 << (STATE_MAIN_R3)) \| ((lset_t)1 << (STATE_MAIN_I4 )) \| ((lset_t)1 << (STATE_AGGR_I2)) \| ((lset_t)1 << (STATE_AGGR_R2)) \| ((lset_t)1 << (STATE_XAUTH_R0)) \| ( (lset_t)1 << (STATE_XAUTH_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R0 )) \| ((lset_t)1 << (STATE_MODE_CFG_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R2)) \| ((lset_t)1 << (STATE_MODE_CFG_I1 )) \| ((lset_t)1 << (STATE_XAUTH_I0)) \| ((lset_t)1 << (STATE_XAUTH_I1)))) != ((lset_t)0))) {
2849	if (dpd_init(st) != STF_OK) {
2850	log_state(RC_LOG_SERIOUS, st,
2851	"DPD initialization failed - continuing without DPD");
2852	}
2853	}
2854
2855	/* Special case for XAUTH server */
2856	if (st->st_connection->spd.this.xauth_server) {
2857	if (st->st_oakley.doing_xauth &&
2858	IS_V1_ISAKMP_SA_ESTABLISHED(st)((((lset_t)1 << ((st)->st_state->kind)) & ((( lset_t)1 << (STATE_MAIN_R3)) \| ((lset_t)1 << (STATE_MAIN_I4 )) \| ((lset_t)1 << (STATE_AGGR_I2)) \| ((lset_t)1 << (STATE_AGGR_R2)) \| ((lset_t)1 << (STATE_XAUTH_R0)) \| ( (lset_t)1 << (STATE_XAUTH_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R0 )) \| ((lset_t)1 << (STATE_MODE_CFG_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R2)) \| ((lset_t)1 << (STATE_MODE_CFG_I1 )) \| ((lset_t)1 << (STATE_XAUTH_I0)) \| ((lset_t)1 << (STATE_XAUTH_I1)))) != ((lset_t)0))) {
2859	dbg("XAUTH: Sending XAUTH Login/Password Request"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("XAUTH: Sending XAUTH Login/Password Request") ; } };
2860	event_schedule(EVENT_v1_SEND_XAUTH,
2861	deltatime_ms(EVENT_v1_SEND_XAUTH_DELAY_MS80),
2862	st);
2863	break;
2864	}
2865	}
2866
2867	/*
2868	* for XAUTH client, we are also done, because we need to
2869	* stay in this state, and let the server query us
2870	*/
2871	if (!IS_V1_QUICK(st->st_state->kind)(STATE_QUICK_R0 <= (st->st_state->kind) && ( st->st_state->kind) <= STATE_QUICK_R2) &&
2872	st->st_connection->spd.this.xauth_client &&
2873	!st->hidden_variables.st_xauth_client_done) {
2874	dbg("XAUTH client is not yet authenticated"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("XAUTH client is not yet authenticated"); } };
2875	break;
2876	}
2877
2878	/*
2879	* when talking to some vendors, we need to initiate a mode
2880	* cfg request to get challenged, but there is also an
2881	* override in the form of a policy bit.
2882	*/
2883	dbg("modecfg pull: %s policy:%s %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("modecfg pull: %s policy:%s %s", (st->quirks .modecfg_pull_mode ? "quirk-poll" : "noquirk"), (st->st_connection ->policy & ((lset_t)1 << (POLICY_MODECFG_PULL_IX ))) ? "pull" : "push", (st->st_connection->spd.this.modecfg_client ? "modecfg-client" : "not-client")); } }
2884	(st->quirks.modecfg_pull_mode ?{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("modecfg pull: %s policy:%s %s", (st->quirks .modecfg_pull_mode ? "quirk-poll" : "noquirk"), (st->st_connection ->policy & ((lset_t)1 << (POLICY_MODECFG_PULL_IX ))) ? "pull" : "push", (st->st_connection->spd.this.modecfg_client ? "modecfg-client" : "not-client")); } }
2885	"quirk-poll" : "noquirk"),{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("modecfg pull: %s policy:%s %s", (st->quirks .modecfg_pull_mode ? "quirk-poll" : "noquirk"), (st->st_connection ->policy & ((lset_t)1 << (POLICY_MODECFG_PULL_IX ))) ? "pull" : "push", (st->st_connection->spd.this.modecfg_client ? "modecfg-client" : "not-client")); } }
2886	(st->st_connection->policy & POLICY_MODECFG_PULL) ?{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("modecfg pull: %s policy:%s %s", (st->quirks .modecfg_pull_mode ? "quirk-poll" : "noquirk"), (st->st_connection ->policy & ((lset_t)1 << (POLICY_MODECFG_PULL_IX ))) ? "pull" : "push", (st->st_connection->spd.this.modecfg_client ? "modecfg-client" : "not-client")); } }
2887	"pull" : "push",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("modecfg pull: %s policy:%s %s", (st->quirks .modecfg_pull_mode ? "quirk-poll" : "noquirk"), (st->st_connection ->policy & ((lset_t)1 << (POLICY_MODECFG_PULL_IX ))) ? "pull" : "push", (st->st_connection->spd.this.modecfg_client ? "modecfg-client" : "not-client")); } }
2888	(st->st_connection->spd.this.modecfg_client ?{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("modecfg pull: %s policy:%s %s", (st->quirks .modecfg_pull_mode ? "quirk-poll" : "noquirk"), (st->st_connection ->policy & ((lset_t)1 << (POLICY_MODECFG_PULL_IX ))) ? "pull" : "push", (st->st_connection->spd.this.modecfg_client ? "modecfg-client" : "not-client")); } }
2889	"modecfg-client" : "not-client")){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("modecfg pull: %s policy:%s %s", (st->quirks .modecfg_pull_mode ? "quirk-poll" : "noquirk"), (st->st_connection ->policy & ((lset_t)1 << (POLICY_MODECFG_PULL_IX ))) ? "pull" : "push", (st->st_connection->spd.this.modecfg_client ? "modecfg-client" : "not-client")); } };
2890
2891	if (st->st_connection->spd.this.modecfg_client &&
2892	IS_V1_ISAKMP_SA_ESTABLISHED(st)((((lset_t)1 << ((st)->st_state->kind)) & ((( lset_t)1 << (STATE_MAIN_R3)) \| ((lset_t)1 << (STATE_MAIN_I4 )) \| ((lset_t)1 << (STATE_AGGR_I2)) \| ((lset_t)1 << (STATE_AGGR_R2)) \| ((lset_t)1 << (STATE_XAUTH_R0)) \| ( (lset_t)1 << (STATE_XAUTH_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R0 )) \| ((lset_t)1 << (STATE_MODE_CFG_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R2)) \| ((lset_t)1 << (STATE_MODE_CFG_I1 )) \| ((lset_t)1 << (STATE_XAUTH_I0)) \| ((lset_t)1 << (STATE_XAUTH_I1)))) != ((lset_t)0)) &&
2893	(st->quirks.modecfg_pull_mode \|\|
2894	st->st_connection->policy & POLICY_MODECFG_PULL((lset_t)1 << (POLICY_MODECFG_PULL_IX))) &&
2895	!st->hidden_variables.st_modecfg_started) {
2896	dbg("modecfg client is starting due to %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("modecfg client is starting due to %s", st-> quirks.modecfg_pull_mode ? "quirk" : "policy"); } }
2897	st->quirks.modecfg_pull_mode ? "quirk" :{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("modecfg client is starting due to %s", st-> quirks.modecfg_pull_mode ? "quirk" : "policy"); } }
2898	"policy"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("modecfg client is starting due to %s", st-> quirks.modecfg_pull_mode ? "quirk" : "policy"); } };
2899	modecfg_send_request(st);
2900	break;
2901	}
2902
2903	/* Should we set the peer's IP address regardless? */
2904	if (st->st_connection->spd.this.modecfg_server &&
2905	IS_V1_ISAKMP_SA_ESTABLISHED(st)((((lset_t)1 << ((st)->st_state->kind)) & ((( lset_t)1 << (STATE_MAIN_R3)) \| ((lset_t)1 << (STATE_MAIN_I4 )) \| ((lset_t)1 << (STATE_AGGR_I2)) \| ((lset_t)1 << (STATE_AGGR_R2)) \| ((lset_t)1 << (STATE_XAUTH_R0)) \| ( (lset_t)1 << (STATE_XAUTH_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R0 )) \| ((lset_t)1 << (STATE_MODE_CFG_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R2)) \| ((lset_t)1 << (STATE_MODE_CFG_I1 )) \| ((lset_t)1 << (STATE_XAUTH_I0)) \| ((lset_t)1 << (STATE_XAUTH_I1)))) != ((lset_t)0)) &&
2906	!st->hidden_variables.st_modecfg_vars_set &&
2907	!(st->st_connection->policy & POLICY_MODECFG_PULL((lset_t)1 << (POLICY_MODECFG_PULL_IX)))) {
2908	change_state(st, STATE_MODE_CFG_R1);
2909	log_state(RC_LOG, st, "Sending MODE CONFIG set");
2910	/*
2911	* ??? we ignore the result of modecfg.
2912	* But surely, if it fails, we ought to terminate this exchange.
2913	* What do the RFCs say?
2914	*/
2915	modecfg_start_set(st);
2916	break;
2917	}
2918
2919	/*
2920	* If we are the responder and the client is in "Contivity mode",
2921	* we need to initiate Quick mode
2922	*/
2923	if (!(smc->flags & SMF_INITIATOR((lset_t)1 << (OAKLEY_AUTH_ROOF + 0))) &&
2924	IS_V1_MODE_CFG_ESTABLISHED(st->st_state)(((st->st_state)->kind) == STATE_MODE_CFG_R2) &&
2925	(st->st_seen_nortel_vid)) {
2926	log_state(RC_LOG, st, "Nortel 'Contivity Mode' detected, starting Quick Mode");
2927	change_state(st, STATE_MAIN_R3); /* ISAKMP is up... */
2928	quick_outI1(st->st_logger->object_whackfd, st, st->st_connection,
2929	st->st_connection->policy, 1, SOS_NOBODY0, null_shunk);
2930	break;
2931	}
2932
2933	/* wait for modecfg_set */
2934	if (st->st_connection->spd.this.modecfg_client &&
2935	IS_V1_ISAKMP_SA_ESTABLISHED(st)((((lset_t)1 << ((st)->st_state->kind)) & ((( lset_t)1 << (STATE_MAIN_R3)) \| ((lset_t)1 << (STATE_MAIN_I4 )) \| ((lset_t)1 << (STATE_AGGR_I2)) \| ((lset_t)1 << (STATE_AGGR_R2)) \| ((lset_t)1 << (STATE_XAUTH_R0)) \| ( (lset_t)1 << (STATE_XAUTH_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R0 )) \| ((lset_t)1 << (STATE_MODE_CFG_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R2)) \| ((lset_t)1 << (STATE_MODE_CFG_I1 )) \| ((lset_t)1 << (STATE_XAUTH_I0)) \| ((lset_t)1 << (STATE_XAUTH_I1)))) != ((lset_t)0)) &&
2936	!st->hidden_variables.st_modecfg_vars_set) {
2937	dbg("waiting for modecfg set from server"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("waiting for modecfg set from server"); } };
2938	break;
2939	}
2940
2941	dbg("phase 1 is done, looking for phase 2 to unpend"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("phase 1 is done, looking for phase 2 to unpend" ); } };
2942
2943	if (smc->flags & SMF_RELEASE_PENDING_P2((lset_t)1 << (OAKLEY_AUTH_ROOF + 6))) {
2944	/* Initiate any Quick Mode negotiations that
2945	* were waiting to piggyback on this Keying Channel.
2946	*
2947	* ??? there is a potential race condition
2948	* if we are the responder: the initial Phase 2
2949	* message might outrun the final Phase 1 message.
2950	*
2951	* so, instead of actually sending the traffic now,
2952	* we schedule an event to do so.
2953	*
2954	* but, in fact, quick_mode will enqueue a cryptographic operation
2955	* anyway, which will get done "later" anyway, so maybe it is just fine
2956	* as it is.
2957	*
2958	*/
2959	unpend(pexpect_ike_sa(st), NULL((void*)0));
2960	}
2961
2962	if (IS_V1_ISAKMP_SA_ESTABLISHED(st)((((lset_t)1 << ((st)->st_state->kind)) & ((( lset_t)1 << (STATE_MAIN_R3)) \| ((lset_t)1 << (STATE_MAIN_I4 )) \| ((lset_t)1 << (STATE_AGGR_I2)) \| ((lset_t)1 << (STATE_AGGR_R2)) \| ((lset_t)1 << (STATE_XAUTH_R0)) \| ( (lset_t)1 << (STATE_XAUTH_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R0 )) \| ((lset_t)1 << (STATE_MODE_CFG_R1)) \| ((lset_t)1 << (STATE_MODE_CFG_R2)) \| ((lset_t)1 << (STATE_MODE_CFG_I1 )) \| ((lset_t)1 << (STATE_XAUTH_I0)) \| ((lset_t)1 << (STATE_XAUTH_I1)))) != ((lset_t)0)) \|\|
2963	IS_IPSEC_SA_ESTABLISHED(st)(((st)->st_clonedfrom != 0) && (((st)->st_state ->kind) == STATE_QUICK_I2 \|\| ((st)->st_state->kind) == STATE_QUICK_R1 \|\| ((st)->st_state->kind) == STATE_QUICK_R2 \|\| ((st)->st_state->kind) == STATE_V2_ESTABLISHED_CHILD_SA )))
2964	release_any_whack(st, HERE({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 2964, }; &here; }), "IKEv1 transitions finished");
2965
2966	if (IS_V1_QUICK(st->st_state->kind)(STATE_QUICK_R0 <= (st->st_state->kind) && ( st->st_state->kind) <= STATE_QUICK_R2))
2967	break;
2968
2969	break;
2970	}
2971
2972	case STF_INTERNAL_ERROR:
2973	/* update the previous packet history */
2974	remember_received_packet(st, md);
2975	log_state(RC_INTERNALERR + md->v1_note, st,
2976	"state transition function for %s had internal error",
2977	st->st_state->name);
2978	release_pending_whacks(st, "internal error");
2979	break;
2980
2981	case STF_FATAL:
2982	passert(st != NULL)({ _Bool assertion__ = st != ((void)0); if (!assertion__) { where_t here = ({ static const struct where here = { .func = __func__ , .file = "programs/pluto/ikev1.c", .line = 2982, }; &here ; }); const struct logger logger_ = &failsafe_logger; llog_passert (logger_, here, "%s", "st != ((void*)0)"); } (void) 1; });
2983	/* update the previous packet history */
2984	remember_received_packet(st, md);
2985	log_state(RC_FATAL, st, "encountered fatal error in state %s",
2986	st->st_state->name);
2987	#ifdef HAVE_NM1
2988	if (st->st_connection->remotepeertype == CISCO &&
2989	st->st_connection->nmconfigured) {
2990	if (!do_command(st->st_connection,
2991	&st->st_connection->spd,
2992	"disconnectNM",
2993	st, st->st_logger))
2994	dbg("sending disconnect to NM failed, you may need to do it manually"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("sending disconnect to NM failed, you may need to do it manually" ); } };
2995	}
2996	#endif
2997	release_pending_whacks(st, "fatal error");
2998	delete_state(st);
2999	md->v1_st = st = NULL((void*)0);
3000	break;
3001
3002	default: /* a shortcut to STF_FAIL, setting md->note */
3003	passert(result > STF_FAIL)({ _Bool assertion__ = result > STF_FAIL; if (!assertion__ ) { where_t here = ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 3003, } ; &here; }); const struct logger *logger_ = &failsafe_logger ; llog_passert(logger_, here, "%s", "result > STF_FAIL"); } (void) 1; });
3004	md->v1_note = result - STF_FAIL;
3005	/* FALL THROUGH */
3006	case STF_FAIL:
3007	{
3008	/* As it is, we act as if this message never happened:
3009	* whatever retrying was in place, remains in place.
3010	*/
3011	/*
3012	* Try to convert the notification into a non-NULL
3013	* string. For NOTHING_WRONG, be vague (at the time
3014	* of writing the enum_names didn't contain
3015	* NOTHING_WRONG, and even if it did "nothing wrong"
3016	* wouldn't exactly help here :-).
3017	*/
3018	const char *notify_name = (md->v1_note == NOTHING_WRONG ? "failed" :
3019	enum_name(&ikev1_notify_names, md->v1_note));
3020	if (notify_name == NULL((void*)0)) {
3021	notify_name = "internal error";
3022	}
3023	/*
3024	* ??? why no call of remember_received_packet?
3025	* Perhaps because the message hasn't been authenticated?
3026	* But then then any duplicate would lose too, I would think.
3027	*/
3028
3029	if (md->v1_note != NOTHING_WRONG) {
3030	/* this will log */
3031	SEND_NOTIFICATION(md->v1_note){ { const unsigned __pstat = (md->v1_note); if (__pstat < (sizeof(pstats_ikev1_sent_notifies_e) / sizeof((pstats_ikev1_sent_notifies_e )))) { pstats_ikev1_sent_notifies_e[__pstat]++; } else if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) { DBG_log("pstats %s %d" , "ikev1_sent_notifies_e", __pstat); } }; if (st != ((void)0 )) send_notification_from_state(st, from_state, md->v1_note ); else send_notification_from_md(md, md->v1_note); };
3032	} else {
3033	/* XXX: why whack only? */
3034	log_state(WHACK_STREAM \| (RC_NOTIFICATION + md->v1_note), st,
3035	"state transition failed: %s", notify_name);
3036	}
3037
3038	dbg("state transition function for %s failed: %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("state transition function for %s failed: %s", st->st_state->name, notify_name); } }
3039	st->st_state->name, notify_name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("state transition function for %s failed: %s", st->st_state->name, notify_name); } };
3040
3041	#ifdef HAVE_NM1
3042	if (st->st_connection->remotepeertype == CISCO &&
3043	st->st_connection->nmconfigured) {
3044	if (!do_command(st->st_connection,
3045	&st->st_connection->spd,
3046	"disconnectNM",
3047	st, st->st_logger))
3048	dbg("sending disconnect to NM failed, you may need to do it manually"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("sending disconnect to NM failed, you may need to do it manually" ); } };
3049	}
3050	#endif
3051	if (IS_V1_QUICK(st->st_state->kind)(STATE_QUICK_R0 <= (st->st_state->kind) && ( st->st_state->kind) <= STATE_QUICK_R2)) {
3052	delete_state(st);
3053	/* wipe out dangling pointer to st */
3054	md->v1_st = NULL((void*)0);
3055	}
3056	break;
3057	}
3058	}
3059	}
3060
3061	/*
3062	* note: may change which connection is referenced by md->v1_st->st_connection.
3063	* But only if we are a Main Mode Responder.
3064	*/
3065	bool_Bool ikev1_decode_peer_id(struct msg_digest *md, bool_Bool initiator, bool_Bool aggrmode)
3066	{
3067	struct state *const st = md->v1_st;
3068	struct connection *c = st->st_connection;
3069	const struct payload_digest *const id_pld = md->chain[ISAKMP_NEXT_ID];
3070	const struct isakmp_id *const id = &id_pld->payload.id;
3071
3072	/*
3073	* I think that RFC2407 (IPSEC DOI) 4.6.2 is confused.
3074	* It talks about the protocol ID and Port fields of the ID
3075	* Payload, but they don't exist as such in Phase 1.
3076	* We use more appropriate names.
3077	* isaid_doi_specific_a is in place of Protocol ID.
3078	* isaid_doi_specific_b is in place of Port.
3079	* Besides, there is no good reason for allowing these to be
3080	* other than 0 in Phase 1.
3081	*/
3082	if (st->hidden_variables.st_nat_traversal != LEMPTY((lset_t)0) &&
3083	id->isaid_doi_specific_a == IPPROTO_UDPIPPROTO_UDP &&
3084	(id->isaid_doi_specific_b == 0 \|\|
3085	id->isaid_doi_specific_b == NAT_IKE_UDP_PORT4500)) {
3086	dbg("protocol/port in Phase 1 ID Payload is %d/%d. accepted with port_floating NAT-T",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("protocol/port in Phase 1 ID Payload is %d/%d. accepted with port_floating NAT-T" , id->isaid_doi_specific_a, id->isaid_doi_specific_b); } }
3087	id->isaid_doi_specific_a, id->isaid_doi_specific_b){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("protocol/port in Phase 1 ID Payload is %d/%d. accepted with port_floating NAT-T" , id->isaid_doi_specific_a, id->isaid_doi_specific_b); } };
3088	} else if (!(id->isaid_doi_specific_a == 0 &&
3089	id->isaid_doi_specific_b == 0) &&
3090	!(id->isaid_doi_specific_a == IPPROTO_UDPIPPROTO_UDP &&
3091	id->isaid_doi_specific_b == IKE_UDP_PORT500))
3092	{
3093	log_state(RC_LOG_SERIOUS, st,
3094	"protocol/port in Phase 1 ID Payload MUST be 0/0 or %d/%d but are %d/%d (attempting to continue)",
3095	IPPROTO_UDPIPPROTO_UDP, IKE_UDP_PORT500,
3096	id->isaid_doi_specific_a,
3097	id->isaid_doi_specific_b);
3098	/*
3099	* We have turned this into a warning because of bugs in other
3100	* vendors' products. Specifically CISCO VPN3000.
3101	*/
3102	/* return false; */
3103	}
3104
3105	struct id peer;
3106
3107	diag_t d = unpack_peer_id(id->isaid_idtype, &peer, &id_pld->pbs);
3108	if (d != NULL((void*)0)) {
3109	llog_diag(RC_LOG, st->st_logger, &d, "%s", "");
3110	return false0;
3111	}
3112
3113	if (c->spd.that.id.kind == ID_FROMCERT) {
3114	/* breaks API, connection modified by %fromcert */
3115	duplicate_id(&c->spd.that.id, &peer);
3116	}
3117
3118	/*
3119	* For interop with SoftRemote/aggressive mode we need to remember some
3120	* things for checking the hash
3121	*/
3122	st->st_peeridentity_protocol = id->isaid_doi_specific_a;
3123	st->st_peeridentity_port = ntohs(id->isaid_doi_specific_b);
3124
3125	{
3126	id_buf buf;
3127	esb_buf b;
3128	log_state(RC_LOG, st, "Peer ID is %s: '%s'",
3129	enum_show(&ike_id_type_names, id->isaid_idtype, &b),
3130	str_id(&peer, &buf)str_id_bytes(&peer, jam_raw_bytes, &buf));
3131	}
3132
3133	/* check for certificates */
3134	if (!v1_verify_certs(md)) {
3135	log_state(RC_LOG, st, "X509: CERT payload does not match connection ID");
3136	if (initiator \|\| aggrmode) {
3137	/* cannot switch connection so fail */
3138	return false0;
3139	}
3140	}
3141
3142	/* check for certificate requests */
3143	ikev1_decode_cr(md, st->st_logger);
3144
3145	/*
3146	* Now that we've decoded the ID payload, let's see if we
3147	* need to switch connections.
3148	* Aggressive mode cannot switch connections.
3149	* We must not switch horses if we initiated:
3150	* - if the initiation was explicit, we'd be ignoring user's intent
3151	* - if opportunistic, we'll lose our HOLD info
3152	*/
3153
3154	if (initiator) {
3155	if (!st->st_v1_peer_alt_id &&
3156	!same_id(&c->spd.that.id, &peer) &&
3157	c->spd.that.id.kind != ID_FROMCERT) {
3158	id_buf expect;
3159	id_buf found;
3160
3161	log_state(RC_LOG_SERIOUS, st,
3162	"we require IKEv1 peer to have ID '%s', but peer declares '%s'",
3163	str_id(&c->spd.that.id, &expect)str_id_bytes(&c->spd.that.id, jam_raw_bytes, &expect ),
3164	str_id(&peer, &found)str_id_bytes(&peer, jam_raw_bytes, &found));
3165	return false0;
3166	} else if (c->spd.that.id.kind == ID_FROMCERT) {
3167	if (peer.kind != ID_DER_ASN1_DN) {
3168	log_state(RC_LOG_SERIOUS, st,
3169	"peer ID is not a certificate type");
3170	return false0;
3171	}
3172	duplicate_id(&c->spd.that.id, &peer);
3173	}
3174	} else if (!aggrmode) {
3175	/* Main Mode Responder */
3176	uint16_t auth = xauth_calcbaseauth(st->st_oakley.auth);
3177	lset_t auth_policy;
3178
3179	switch (auth) {
3180	case OAKLEY_PRESHARED_KEY:
3181	auth_policy = POLICY_PSK((lset_t)1 << (POLICY_PSK_IX));
3182	break;
3183	case OAKLEY_RSA_SIG:
3184	auth_policy = POLICY_RSASIG((lset_t)1 << (POLICY_RSASIG_IX));
3185	break;
3186	/* Not implemented */
3187	case OAKLEY_DSS_SIG:
3188	case OAKLEY_RSA_ENC:
3189	case OAKLEY_RSA_REVISED_MODE:
3190	case OAKLEY_ECDSA_P256:
3191	case OAKLEY_ECDSA_P384:
3192	case OAKLEY_ECDSA_P521:
3193	default:
3194	dbg("ikev1 ike_decode_peer_id bad_case due to not supported policy"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("ikev1 ike_decode_peer_id bad_case due to not supported policy" ); } };
3195	return false0;
3196	}
3197
3198	bool_Bool fromcert;
3199	struct connection *r =
3200	refine_host_connection_on_responder(st, &peer,
3201	NULL((void)0), / IKEv1 does not support 'you Tarzan, me Jane' */
3202	auth_policy,
3203	AUTHBY_UNSET, /* ikev2 only */
3204	&fromcert);
3205
3206	if (r == NULL((void*)0)) {
3207	id_buf buf;
3208	dbg("no more suitable connection for peer '%s'",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("no more suitable connection for peer '%s'", str_id_bytes (&peer, jam_raw_bytes, &buf)); } }
3209	str_id(&peer, &buf)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("no more suitable connection for peer '%s'", str_id_bytes (&peer, jam_raw_bytes, &buf)); } };
3210	/* can we continue with what we had? */
3211	if (!md->v1_st->st_v1_peer_alt_id &&
3212	!same_id(&c->spd.that.id, &peer) &&
3213	c->spd.that.id.kind != ID_FROMCERT) {
3214	log_state(RC_LOG, md->v1_st, "Peer mismatch on first found connection and no better connection found");
3215	return false0;
3216	} else {
3217	dbg("Peer ID matches and no better connection found - continuing with existing connection"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Peer ID matches and no better connection found - continuing with existing connection" ); } };
3218	r = c;
3219	}
3220	}
3221
3222	dn_buf buf;
3223	dbg("offered CA: '%s'",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("offered CA: '%s'", str_dn_or_null(r->spd.this .ca, "%none", &buf)); } }
3224	str_dn_or_null(r->spd.this.ca, "%none", &buf)){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("offered CA: '%s'", str_dn_or_null(r->spd.this .ca, "%none", &buf)); } };
3225
3226	if (r != c) {
3227	/*
3228	* We are changing st->st_connection!
3229	* Our caller might be surprised!
3230	*/
3231	connection_buf b1, b2;
3232
3233	/* apparently, r is an improvement on c -- replace */
3234	log_state(RC_LOG, st, "switched from "PRI_CONNECTION"\"%s\"%s"" to "PRI_CONNECTION"\"%s\"%s""",
3235	pri_connection(c, &b1)(c)->name, str_connection_instance(c, &b1), pri_connection(r, &b2)(r)->name, str_connection_instance(r, &b2));
3236
3237	if (r->kind == CK_TEMPLATE \|\| r->kind == CK_GROUP) {
3238	/* instantiate it, filling in peer's ID */
3239	r = rw_instantiate(r, &c->spd.that.host_addr,
3240	NULL((void*)0),
3241	&peer);
3242	}
3243
3244	update_state_connection(st, r);
3245	c = r; /* c not subsequently used */
	Value stored to 'c' is never read
3246	/* redo from scratch so we read and check CERT payload */
3247	dbg("retrying ike_decode_peer_id() with new conn"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("retrying ike_decode_peer_id() with new conn") ; } };
3248	passert(!initiator && !aggrmode)({ _Bool assertion__ = !initiator && !aggrmode; if (! assertion__) { where_t here = ({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 3248, }; &here; }); const struct logger *logger_ = & failsafe_logger; llog_passert(logger_, here, "%s", "!initiator && !aggrmode" ); } (void) 1; });
3249	return ikev1_decode_peer_id(md, false0, false0);
3250	} else if (c->spd.that.has_id_wildcards) {
3251	duplicate_id(&c->spd.that.id, &peer);
3252	c->spd.that.has_id_wildcards = false0;
3253	} else if (fromcert) {
3254	dbg("copying ID for fromcert"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("copying ID for fromcert"); } };
3255	duplicate_id(&c->spd.that.id, &peer);
3256	}
3257	}
3258
3259	return true1;
3260	}
3261
3262	bool_Bool ikev1_ship_chain(chunk_t chain, int n, pb_stream outs,
3263	uint8_t type)
3264	{
3265	for (int i = 0; i < n; i++) {
3266	if (!ikev1_ship_CERT(type, HUNK_AS_SHUNK(chain[i])({ typeof(chain[i]) h_ = (chain[i]); shunk2(h_.ptr, h_.len); } ), outs))
3267	return false0;
3268	}
3269
3270	return true1;
3271	}
3272
3273	void doi_log_cert_thinking(uint16_t auth,
3274	enum ike_cert_type certtype,
3275	enum certpolicy policy,
3276	bool_Bool gotcertrequest,
3277	bool_Bool send_cert,
3278	bool_Bool send_chain)
3279	{
3280	if (DBGP(DBG_BASE)(cur_debugging & (((lset_t)1 << (DBG_BASE_IX))))) {
3281	DBG_log("thinking about whether to send my certificate:");
3282
3283	esb_buf oan;
3284	esb_buf ictn;
3285	DBG_log(" I have RSA key: %s cert.type: %s ",
3286	enum_show(&oakley_auth_names, auth, &oan),
3287	enum_show(&ike_cert_type_names, certtype, &ictn));
3288
3289	esb_buf cptn;
3290	DBG_log(" sendcert: %s and I did%s get a certificate request ",
3291	enum_show(&certpolicy_type_names, policy, &cptn),
3292	gotcertrequest ? "" : " not");
3293
3294	DBG_log(" so %ssend cert.", send_cert ? "" : "do not ");
3295
3296	if (!send_cert) {
3297	if (auth == OAKLEY_PRESHARED_KEY) {
3298	DBG_log("I did not send a certificate because digital signatures are not being used. (PSK)");
3299	} else if (certtype == CERT_NONE) {
3300	DBG_log("I did not send a certificate because I do not have one.");
3301	} else if (policy == CERT_SENDIFASKED) {
3302	DBG_log("I did not send my certificate because I was not asked to.");
3303	} else {
3304	DBG_log("INVALID AUTH SETTING: %d", auth);
3305	}
3306	}
3307	if (send_chain)
3308	DBG_log("Sending one or more authcerts");
3309	}
3310	}
3311
3312	/*
3313	* an ISAKMP SA has been established.
3314	* Note the serial number, and release any connections with
3315	* the same peer ID but different peer IP address.
3316	*
3317	* Called by IKEv1 and IKEv2 when the IKE SA is established.
3318	* It checks if the freshly established connection needs is
3319	* replacing an established version of itself.
3320	*
3321	* The use of uniqueIDs is mostly historic and might be removed
3322	* in a future version. It is ignored for PSK based connections,
3323	* which only act based on being a "server using PSK".
3324	*
3325	* IKEv1 code does not send or process INITIAL_CONTACT
3326	* IKEv2 codes does so we take it into account.
3327	*/
3328
3329	void ISAKMP_SA_established(const struct ike_sa *ike)
3330	{
3331	struct connection *c = ike->sa.st_connection;
3332	bool_Bool authnull = (LIN(POLICY_AUTH_NULL, c->policy)(((((lset_t)1 << (POLICY_AUTH_NULL_IX))) & (c->policy )) == (((lset_t)1 << (POLICY_AUTH_NULL_IX)))) \|\| c->spd.that.authby == AUTHBY_NULL);
3333
3334	if (c->spd.this.xauth_server && LIN(POLICY_PSK, c->policy)(((((lset_t)1 << (POLICY_PSK_IX))) & (c->policy) ) == (((lset_t)1 << (POLICY_PSK_IX))))) {
3335	/*
3336	* If we are a server and use PSK, all clients use the same group ID
3337	* Note that "xauth_server" also refers to IKEv2 CP
3338	*/
3339	dbg("We are a server using PSK and clients are using a group ID"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("We are a server using PSK and clients are using a group ID" ); } };
3340	} else if (!uniqueIDs) {
3341	dbg("uniqueIDs disabled, not contemplating releasing older self"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("uniqueIDs disabled, not contemplating releasing older self" ); } };
3342	} else {
3343	/*
3344	* for all existing connections: if the same Phase 1 IDs are used,
3345	* unorient the (old) connection (if different from current connection)
3346	* Only do this for connections with the same name (can be shared ike sa)
3347	*/
3348	struct connection_query cq = { .where = HERE({ static const struct where here = { .func = __func__, .file = "programs/pluto/ikev1.c", .line = 3348, }; &here; }), .c = NULL((void*)0), };
3349	while (new2old_connection(&cq)) {
3350	struct connection *d = cq.c;
3351
3352	/* if old IKE SA is same as new IKE sa and non-auth isn't overwrting auth */
3353	if (c != d && c->kind == d->kind && streq(c->name, d->name)(strcmp((c->name), (d->name)) == 0) &&
3354	same_id(&c->spd.this.id, &d->spd.this.id) &&
3355	same_id(&c->spd.that.id, &d->spd.that.id))
3356	{
3357	bool_Bool old_is_nullauth = (LIN(POLICY_AUTH_NULL, d->policy)(((((lset_t)1 << (POLICY_AUTH_NULL_IX))) & (d->policy )) == (((lset_t)1 << (POLICY_AUTH_NULL_IX)))) \|\| d->spd.that.authby == AUTHBY_NULL);
3358	bool_Bool same_remote_ip = sameaddr(&c->spd.that.host_addr, &d->spd.that.host_addr);
3359
3360	if (same_remote_ip && (!old_is_nullauth && authnull)) {
3361	log_state(RC_LOG, &ike->sa, "cannot replace old authenticated connection with authnull connection");
3362	} else if (!same_remote_ip && old_is_nullauth && authnull) {
3363	log_state(RC_LOG, &ike->sa, "NULL auth ID for different IP's cannot replace each other");
3364	} else {
3365	dbg("unorienting old connection with same IDs"){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("unorienting old connection with same IDs"); } };
3366	/*
3367	* When replacing an old
3368	* existing connection,
3369	* suppress sending delete
3370	* notify
3371	*/
3372	suppress_delete_notify(ike, "ISAKMP", d->newest_ike_sa);
3373	suppress_delete_notify(ike, "IKE", d->newest_ipsec_sa);
3374	/*
3375	* XXX: Assume this call
3376	* doesn't want to log to
3377	* whack? Even though the IKE
3378	* SA may have whack attached,
3379	* don't transfer it to the
3380	* old connection.
3381	*/
3382	if (d->kind == CK_INSTANCE) {
3383	delete_connection(&d, /relations?/false0);
3384	} else {
3385	release_connection(d, /relations?/false0); /* this deletes the states */
3386	}
3387	}
3388	}
3389	}
3390
3391	/*
3392	* This only affects IKEv2, since we don't store any
3393	* received INITIAL_CONTACT for IKEv1.
3394	* We don't do this on IKEv1, because it seems to
3395	* confuse various third parties (Windows, Cisco VPN 300,
3396	* and juniper
3397	* likely because this would be called before the IPsec SA
3398	* of QuickMode is installed, so the remote endpoints view
3399	* this IKE SA still as the active one?
3400	*/
3401	if (ike->sa.st_ike_seen_v2n_initial_contact) {
3402	if (c->newest_ike_sa != SOS_NOBODY0 &&
3403	c->newest_ike_sa != ike->sa.st_serialno) {
3404	struct state *old_p1 = state_by_serialno(c->newest_ike_sa);
3405
3406	dbg("deleting replaced IKE state for %s",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("deleting replaced IKE state for %s", old_p1-> st_connection->name); } }
3407	old_p1->st_connection->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("deleting replaced IKE state for %s", old_p1-> st_connection->name); } };
3408	old_p1->st_send_delete = DONT_SEND_DELETE;
3409	event_force(EVENT_SA_EXPIRE, old_p1);
3410	}
3411
3412	if (c->newest_ipsec_sa != SOS_NOBODY0) {
3413	struct state *old_p2 = state_by_serialno(c->newest_ipsec_sa);
3414	struct connection d = old_p2 == NULL((void)0) ? NULL((void*)0) : old_p2->st_connection;
3415
3416	if (c == d && same_id(&c->spd.that.id, &d->spd.that.id)) {
3417	dbg("Initial Contact received, deleting old state #%lu from connection '%s'",{ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Initial Contact received, deleting old state #%lu from connection '%s'" , c->newest_ipsec_sa, c->name); } }
3418	c->newest_ipsec_sa, c->name){ if ((cur_debugging & (((lset_t)1 << (DBG_BASE_IX) )))) { DBG_log("Initial Contact received, deleting old state #%lu from connection '%s'" , c->newest_ipsec_sa, c->name); } };
3419	old_p2->st_send_delete = DONT_SEND_DELETE;
3420	event_force(EVENT_SA_EXPIRE, old_p2);
3421	}
3422	}
3423	}
3424	}
3425
3426	c->newest_ike_sa = ike->sa.st_serialno;
3427	}
3428
3429	/*
3430	* Reply messages are built in this nasty evil global buffer.
3431	*
3432	* Only one packet can be built at a time. That should be ok as
3433	* packets are only built on the main thread and code and a packet is
3434	* created using a single operation.
3435	*
3436	* In the good old days code would partially construct a packet,
3437	* wonder off to do crypto and process other packets, and then assume
3438	* things could be picked up where they were left off. Code to make
3439	* that work (saving restoring the buffer, re-initializing the buffer
3440	* in strange places, ....) has all been removed.
3441	*
3442	* Something else that should go is global access to REPLY_STREAM.
3443	* Instead all code should use open_reply_stream() and a reference
3444	* with only local scope. This should reduce the odds of code
3445	* meddling in reply_stream on the sly.
3446	*
3447	* Another possibility is to move the buffer onto the stack. However,
3448	* the PBS is 64K and that isn't so good for small machines. Then
3449	* again the send.[hc] and demux[hc] code both allocate 64K stack
3450	* buffers already. Oops.
3451	*/
3452
3453	pb_stream reply_stream;