void recv_pcap_packet(u_char *user,
const struct pcap_pkthdr *h,
const u_char *bytes)
{
struct state *st;
struct pcr_kenonce *kn = &r->pcr_d.kn;
/* I'm jacob two-two. I do everything twice! */
recv_pcap_packet_gen(user, h, bytes);
/* find st involved */
st = state_with_serialno(1);
st->st_connection->extra_debugging = DBG_EMITTING | DBG_CONTROL |
DBG_CONTROLMORE;
/* now fill in the KE values from a constant.. not calculated */
clonetowirechunk(&kn->thespace, kn->space, &kn->secret, tc3_secret,
tc3_secret_len);
clonetowirechunk(&kn->thespace, kn->space, &kn->n, tc3_nr,
tc3_nr_len);
clonetowirechunk(&kn->thespace, kn->space, &kn->gi, tc3_gr,
tc3_gr_len);
run_continuation(r);
}
void rekeyit()
{
struct state *st = NULL;
struct pcr_kenonce *kn = &crypto_req->pcr_d.kn;
fprintf(stderr, "now pretend that the keylife timer is up, and rekey the connection\n");
show_states_status();
timer_list();
st = state_with_serialno(2);
/* capture the rekey message */
send_packet_setup_pcap("OUTPUT/rekeyikev2-I1.pcap");
if(st) {
DBG(DBG_LIFECYCLE
, openswan_log("replacing stale %s SA"
, (IS_PHASE1(st->st_state)|| IS_PHASE15(st->st_state ))? "ISAKMP" : "IPsec"));
ipsecdoi_replace(st, LEMPTY, LEMPTY, 1);
} else {
fprintf(stderr, "no state #2 found\n");
}
passert(kn->oakley_group == tc14_oakleygroup);
/* now fill in the KE values from a constant.. not calculated */
clonetowirechunk(&kn->thespace, kn->space, &kn->secret, tc14_secret,tc14_secret_len);
clonetowirechunk(&kn->thespace, kn->space, &kn->n, tc14_ni, tc14_ni_len); /* maybe change nonce for rekey? */
clonetowirechunk(&kn->thespace, kn->space, &kn->gi, tc14_gi, tc14_gi_len);
run_continuation(crypto_req);
send_packet_close();
}
void recv_pcap_packet2(u_char *user
, const struct pcap_pkthdr *h
, const u_char *bytes)
{
static int call_counter = 0;
struct pcr_kenonce *kn = &crypto_req->pcr_d.kn;
call_counter++;
DBG_log("%s() call %d: enter", __func__, call_counter);
enable_debugging();
enable_debugging_on_sa(1);
enable_debugging_on_sa(2);
recv_pcap_packet_gen(user, h, bytes);
if (call_counter == 2) {
/* we received the third packet, ISAKMP_v2_SA_INIT,
* and queued a 'build_ke', which we have to emulate...
* now fill in the KE values from a constant.. not calculated */
passert(kn->oakley_group == SS(oakleygroup));
clonetowirechunk(&kn->thespace, kn->space, &kn->secret, SS(secret.ptr),SS(secret.len));
clonetowirechunk(&kn->thespace, kn->space, &kn->n, SS(ni.ptr), SS(ni.len));
clonetowirechunk(&kn->thespace, kn->space, &kn->gi, SS(gi.ptr), SS(gi.len));
}
DBG_log("%s() call %d: continuation", __func__, call_counter);
run_continuation(crypto_req);
DBG_log("%s() call %d: exit", __func__, call_counter);
}
/*
* this routine accepts the I3 packet, and the causes a rekey to be queued */
void recv_pcap_I3_rekey(u_char *user
, const struct pcap_pkthdr *h
, const u_char *bytes)
{
struct state *st = NULL;
struct pcr_kenonce *kn = &crypto_req->pcr_d.kn;
/* create a socket for a possible whack process that is doing --up */
int fake_whack_fd = open("/dev/null", O_RDWR);
passert(fake_whack_fd != -1);
recv_pcap_packet(user, h, bytes);
fprintf(stderr, "now pretend that the keylife timer is up, and rekey the connection\n");
show_states_status();
timer_list();
st = state_with_serialno(2);
st->st_whack_sock = fake_whack_fd;
if(st) {
DBG(DBG_LIFECYCLE
, openswan_log("replacing stale %s SA"
, (IS_PHASE1(st->st_state)|| IS_PHASE15(st->st_state ))? "ISAKMP" : "IPsec"));
ipsecdoi_replace(st, LEMPTY, LEMPTY, 1);
} else {
fprintf(stderr, "no state #2 found\n");
}
/* find new state! */
st = state_with_serialno(3);
passert(st->st_whack_sock != -1);
passert(kn->oakley_group == SS(oakleygroup));
/* now fill in the KE values from a constant.. not calculated */
clonetowirechunk(&kn->thespace, kn->space, &kn->secret, SS(secret.ptr),SS(secret.len));
clonetowirechunk(&kn->thespace, kn->space, &kn->n, SS(ni.ptr), SS(ni.len)); /* maybe change nonce for rekey? */
clonetowirechunk(&kn->thespace, kn->space, &kn->gi, SS(gi.ptr), SS(gi.len));
run_continuation(crypto_req);
}
/* this is replicated in the unit test cases since the patching up of the crypto values is case specific */
void recv_pcap_packet(u_char *user
, const struct pcap_pkthdr *h
, const u_char *bytes)
{
struct state *st;
struct pcr_kenonce *kn = &crypto_req->pcr_d.kn;
recv_pcap_packet_gen(user, h, bytes);
/* find st involved */
st = state_with_serialno(1);
if(st) {
st->st_connection->extra_debugging = DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE;
/* now fill in the KE values from a constant.. not calculated */
clonetowirechunk(&kn->thespace, kn->space, &kn->secret, tc14_secretr,tc14_secretr_len);
clonetowirechunk(&kn->thespace, kn->space, &kn->n, tc14_nr, tc14_nr_len);
clonetowirechunk(&kn->thespace, kn->space, &kn->gi, tc14_gr, tc14_gr_len);
run_continuation(crypto_req);
}
}
void recv_pcap_packetC1(u_char *user
, const struct pcap_pkthdr *h
, const u_char *bytes)
{
struct state *st;
struct pcr_kenonce *kn = &crypto_req->pcr_d.kn;
recv_pcap_packet_gen(user, h, bytes);
/* find st involved */
st = state_with_serialno(3);
st->st_connection->extra_debugging = DBG_PRIVATE|DBG_CRYPT|DBG_PARSING|DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE;
/* now fill in the KE values from a constant.. not calculated */
clonetowirechunk(&kn->thespace, kn->space, &kn->n, SS(nr.ptr), SS(nr.len));
clonetowirechunk(&kn->thespace, kn->space, &kn->gi, SS(gr.ptr), SS(gr.len));
run_one_continuation(crypto_req);
/* now do the second calculation */
clonetowirechunk(&kn->thespace, kn->space, &kn->secret, SS(secret.ptr),SS(secret.len));
run_one_continuation(crypto_req);
}
