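/*
 * pcap callback: hand the captured packet to recv_pcap_packet_gen(), raise
 * the debug level on the connection of state #1, overwrite the pending
 * KE/nonce request (r->pcr_d.kn) with the tc3_* constants and call
 * run_continuation(r).
 *
 * The KE values written here are constants, not freshly generated, so any
 * exchange driven through this callback is deterministic. That is what makes
 * the test output reproducible; it also means this code belongs in the
 * unit-test harness only.
 *
 * user, h, bytes: forwarded unchanged to recv_pcap_packet_gen().
 */
void recv_pcap_packet(u_char *user,
                      const struct pcap_pkthdr *h,
                      const u_char *bytes)
{
    struct state *st;
    struct pcr_kenonce *kn = &r->pcr_d.kn;

    /* I'm jacob two-two. I do everything twice! */
    recv_pcap_packet_gen(user, h, bytes);

    /* find st involved */
    st = state_with_serialno(1);
    if (!st) {
        /*
         * The lookup found no state #1. Dereferencing st below would be
         * undefined behaviour, so stop here instead of patching and
         * continuing a request that has no state behind it.
         */
        return;
    }

    st->st_connection->extra_debugging = DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE;

    /* now fill in the KE values from a constant.. not calculated */
    clonetowirechunk(&kn->thespace, kn->space, &kn->secret, tc3_secret, tc3_secret_len);
    clonetowirechunk(&kn->thespace, kn->space, &kn->n, tc3_nr, tc3_nr_len);
    clonetowirechunk(&kn->thespace, kn->space, &kn->gi, tc3_gr, tc3_gr_len);

    run_continuation(r);
}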
/*
 * Pretend the keylife timer has expired for state #2 and drive the rekey.
 *
 * Dumps the state table and timer list, opens the output capture
 * "OUTPUT/rekeyikev2-I1.pcap", asks ipsecdoi_replace() to replace state #2
 * when it exists, then fills the pending KE/nonce request with the tc14_*
 * constants, runs the continuation and closes the capture.
 *
 * The KE values are constants rather than generated values, which keeps the
 * captured rekey message reproducible; this is test-harness behaviour only.
 *
 * NOTE(review): the request pointer is taken from crypto_req on entry,
 * before ipsecdoi_replace() runs. This assumes crypto_req still designates
 * the same request afterwards; confirm.
 */
void rekeyit()
{
    struct pcr_kenonce *ke = &crypto_req->pcr_d.kn;
    struct state *old_sa = NULL;

    fprintf(stderr, "now pretend that the keylife timer is up, and rekey the connection\n");
    show_states_status();
    timer_list();

    old_sa = state_with_serialno(2);

    /* capture the rekey message */
    send_packet_setup_pcap("OUTPUT/rekeyikev2-I1.pcap");

    if (!old_sa) {
        fprintf(stderr, "no state #2 found\n");
    } else {
        DBG(DBG_LIFECYCLE,
            openswan_log("replacing stale %s SA",
                         (IS_PHASE1(old_sa->st_state) || IS_PHASE15(old_sa->st_state))
                             ? "ISAKMP"
                             : "IPsec"));
        ipsecdoi_replace(old_sa, LEMPTY, LEMPTY, 1);
    }

    /* the queued request must be for the group the constants belong to */
    passert(ke->oakley_group == tc14_oakleygroup);

    /* now fill in the KE values from a constant.. not calculated */
    clonetowirechunk(&ke->thespace, ke->space, &ke->secret, tc14_secret, tc14_secret_len);
    clonetowirechunk(&ke->thespace, ke->space, &ke->n, tc14_ni, tc14_ni_len);
    /* maybe change nonce for rekey? */
    clonetowirechunk(&ke->thespace, ke->space, &ke->gi, tc14_gi, tc14_gi_len);

    run_continuation(crypto_req);

    send_packet_close();
}
/*
 * pcap callback that counts its invocations.
 *
 * Every call enables debugging (globally and on SAs 1 and 2), feeds the
 * packet to recv_pcap_packet_gen() and runs the continuation on crypto_req.
 * On the second call only, the pending KE/nonce request is first checked
 * against SS(oakleygroup) and then filled from the SS() constants.
 *
 * The KE values are constants rather than generated values, so the exchange
 * is deterministic; this is test-harness behaviour only.
 *
 * user, h, bytes: forwarded unchanged to recv_pcap_packet_gen().
 */
void recv_pcap_packet2(u_char *user,
                       const struct pcap_pkthdr *h,
                       const u_char *bytes)
{
    static int calls = 0;   /* persists across invocations */
    struct pcr_kenonce *ke = &crypto_req->pcr_d.kn;

    calls += 1;
    DBG_log("%s() call %d: enter", __func__, calls);

    enable_debugging();
    enable_debugging_on_sa(1);
    enable_debugging_on_sa(2);

    recv_pcap_packet_gen(user, h, bytes);

    if (calls == 2) {
        /*
         * we received the third packet, ISAKMP_v2_SA_INIT,
         * and queued a 'build_ke', which we have to emulate...
         * now fill in the KE values from a constant.. not calculated
         *
         * NOTE(review): the text says "third packet" while the test is
         * for the second invocation of this callback; confirm which
         * numbering is meant.
         */
        passert(ke->oakley_group == SS(oakleygroup));

        clonetowirechunk(&ke->thespace, ke->space, &ke->secret, SS(secret.ptr), SS(secret.len));
        clonetowirechunk(&ke->thespace, ke->space, &ke->n, SS(ni.ptr), SS(ni.len));
        clonetowirechunk(&ke->thespace, ke->space, &ke->gi, SS(gi.ptr), SS(gi.len));
    }

    DBG_log("%s() call %d: continuation", __func__, calls);
    run_continuation(crypto_req);
    DBG_log("%s() call %d: exit", __func__, calls);
}
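/*
 * this routine accepts the I3 packet, and then causes a rekey to be queued
 *
 * Steps: open /dev/null as a stand-in whack socket, process the packet via
 * recv_pcap_packet(), attach the stand-in socket to state #2 and ask
 * ipsecdoi_replace() to replace it, then look up state #3, fill the pending
 * KE/nonce request from the SS() constants and run the continuation.
 *
 * The KE values are constants rather than generated values, so the rekey
 * exchange is deterministic; this is test-harness behaviour only.
 *
 * NOTE(review): kn is taken from crypto_req on entry, before
 * recv_pcap_packet() and ipsecdoi_replace() run. This assumes crypto_req
 * still designates the same request afterwards; confirm.
 *
 * user, h, bytes: forwarded unchanged to recv_pcap_packet().
 */
void recv_pcap_I3_rekey(u_char *user,
                        const struct pcap_pkthdr *h,
                        const u_char *bytes)
{
    struct state *st = NULL;
    struct pcr_kenonce *kn = &crypto_req->pcr_d.kn;

    /* create a socket for a possible whack process that is doing --up */
    int fake_whack_fd = open("/dev/null", O_RDWR);
    passert(fake_whack_fd != -1);

    recv_pcap_packet(user, h, bytes);

    fprintf(stderr, "now pretend that the keylife timer is up, and rekey the connection\n");
    show_states_status();
    timer_list();

    st = state_with_serialno(2);
    if (st) {
        /*
         * Attach the stand-in socket only once the lookup is known to have
         * succeeded; writing through st before this test would dereference
         * a NULL pointer when state #2 is missing.
         */
        st->st_whack_sock = fake_whack_fd;

        DBG(DBG_LIFECYCLE,
            openswan_log("replacing stale %s SA",
                         (IS_PHASE1(st->st_state) || IS_PHASE15(st->st_state))
                             ? "ISAKMP"
                             : "IPsec"));
        ipsecdoi_replace(st, LEMPTY, LEMPTY, 1);
    } else {
        /* fake_whack_fd stays open and unused on this path */
        fprintf(stderr, "no state #2 found\n");
    }

    /* find new state! */
    st = state_with_serialno(3);
    /* fail the test with an assertion rather than a NULL dereference */
    passert(st != NULL);
    passert(st->st_whack_sock != -1);

    passert(kn->oakley_group == SS(oakleygroup));

    /* now fill in the KE values from a constant.. not calculated */
    clonetowirechunk(&kn->thespace, kn->space, &kn->secret, SS(secret.ptr), SS(secret.len));
    clonetowirechunk(&kn->thespace, kn->space, &kn->n, SS(ni.ptr), SS(ni.len));
    /* maybe change nonce for rekey? */
    clonetowirechunk(&kn->thespace, kn->space, &kn->gi, SS(gi.ptr), SS(gi.len));

    run_continuation(crypto_req);
}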
/*
 * this is replicated in the unit test cases since the patching up of the
 * crypto values is case specific
 *
 * pcap callback: process the packet through recv_pcap_packet_gen(), and when
 * state #1 exists, raise the debug level on its connection, fill the pending
 * KE/nonce request with the tc14_* constants and run the continuation.
 * When state #1 is absent nothing further happens.
 *
 * The KE values are constants rather than generated values, so the exchange
 * is deterministic; this is test-harness behaviour only.
 *
 * user, h, bytes: forwarded unchanged to recv_pcap_packet_gen().
 */
void recv_pcap_packet(u_char *user,
                      const struct pcap_pkthdr *h,
                      const u_char *bytes)
{
    struct pcr_kenonce *ke = &crypto_req->pcr_d.kn;
    struct state *first;

    recv_pcap_packet_gen(user, h, bytes);

    /* find st involved */
    first = state_with_serialno(1);
    if (!first) {
        return;
    }

    first->st_connection->extra_debugging = DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE;

    /* now fill in the KE values from a constant.. not calculated */
    clonetowirechunk(&ke->thespace, ke->space, &ke->secret, tc14_secretr, tc14_secretr_len);
    clonetowirechunk(&ke->thespace, ke->space, &ke->n, tc14_nr, tc14_nr_len);
    clonetowirechunk(&ke->thespace, ke->space, &ke->gi, tc14_gr, tc14_gr_len);

    run_continuation(crypto_req);
}
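/*
 * pcap callback that needs two continuation steps.
 *
 * Processes the packet through recv_pcap_packet_gen(), raises the debug
 * level on the connection of state #3, fills the n and gi values of the
 * pending KE/nonce request from the SS() constants and runs one
 * continuation; then fills the secret and runs a second continuation.
 *
 * The KE values are constants rather than generated values, so the exchange
 * is deterministic; this is test-harness behaviour only.
 *
 * NOTE(review): DBG_PRIVATE and DBG_CRYPT are switched on here. These debug
 * classes are believed to log secret material; that is harmless with
 * constant test vectors but should not be copied into code that handles
 * real keys. Confirm against the DBG_* definitions.
 *
 * user, h, bytes: forwarded unchanged to recv_pcap_packet_gen().
 */
void recv_pcap_packetC1(u_char *user,
                        const struct pcap_pkthdr *h,
                        const u_char *bytes)
{
    struct state *st;
    struct pcr_kenonce *kn = &crypto_req->pcr_d.kn;

    recv_pcap_packet_gen(user, h, bytes);

    /* find st involved */
    st = state_with_serialno(3);
    if (!st) {
        /*
         * The lookup found no state #3. Dereferencing st below would be
         * undefined behaviour, so stop here instead of patching and
         * continuing a request that has no state behind it.
         */
        return;
    }

    st->st_connection->extra_debugging =
        DBG_PRIVATE | DBG_CRYPT | DBG_PARSING | DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE;

    /* now fill in the KE values from a constant.. not calculated */
    clonetowirechunk(&kn->thespace, kn->space, &kn->n, SS(nr.ptr), SS(nr.len));
    clonetowirechunk(&kn->thespace, kn->space, &kn->gi, SS(gr.ptr), SS(gr.len));

    run_one_continuation(crypto_req);

    /* now do the second calculation */
    clonetowirechunk(&kn->thespace, kn->space, &kn->secret, SS(secret.ptr), SS(secret.len));
    run_one_continuation(crypto_req);
}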