/*
 * Fill in the KE/NONCE message of an IKE phase 1 exchange: our public DH
 * value, a fresh nonce of NONCE_SZ bytes, and any certificates that match
 * the CERTREQs.
 *
 * Returns 0 when every step succeeded and -1 as soon as one of them reports
 * failure.  The steps run strictly in the order listed; a failing step stops
 * the later ones from running.
 *
 * NONCE_SZ is handed to exchange_gen_nonce unchanged, so any lower or upper
 * bound on the nonce length has to be enforced by the caller or inside that
 * helper -- it is not checked here.
 *
 * XXX Nothing is logged and the peer is not notified on any failure path;
 * the caller only sees -1 and cannot tell which step failed.
 */
int
ike_phase_1_send_KE_NONCE (struct message *msg, size_t nonce_sz)
{
    int failed;

    /* Short-circuit evaluation keeps the original ordering: DH public value
       first, then the nonce, then the certificates.  */
    failed = ipsec_gen_g_x (msg) != 0
             || exchange_gen_nonce (msg, nonce_sz) != 0
             || exchange_add_certs (msg) != 0;

    return failed ? -1 : 0;
}
/*
 * Fill in the KE/NONCE message of an IKE phase 1 exchange.
 *
 * Payloads are added in this order: our public DH value, a nonce of
 * nonce_sz bytes, any CERTREQs we want to send, certificates acceptable
 * for the CERTREQs, and -- only when EXCHANGE_FLAG_NAT_T_CAP_PEER is set
 * on the exchange -- the NAT-D payloads.
 *
 * Returns 0 on success and -1 as soon as one step fails; later steps are
 * then skipped.
 *
 * nonce_sz is forwarded to exchange_gen_nonce() unchanged; no bound on the
 * nonce length is enforced here.  msg and msg->exchange are dereferenced
 * without a NULL check, so the caller must pass a message that is already
 * bound to an exchange.
 *
 * XXX No failure path logs anything or notifies the peer; the caller only
 * sees -1 and cannot tell which step failed.
 */
int
ike_phase_1_send_KE_NONCE(struct message *msg, size_t nonce_sz)
{
	/* Key exchange material: public DH value, then the nonce. */
	if (ipsec_gen_g_x(msg) != 0 || exchange_gen_nonce(msg, nonce_sz) != 0)
		return -1;

	/* Certificate handling: our CERTREQs first, then matching certs. */
	if (exchange_add_certreqs(msg) != 0 || exchange_add_certs(msg) != 0)
		return -1;

	/* NAT-D payloads are added only when the exchange carries the flag. */
	if ((msg->exchange->flags & EXCHANGE_FLAG_NAT_T_CAP_PEER) != 0 &&
	    nat_t_exchange_add_nat_d(msg) != 0)
		return -1;

	return 0;
}