void rekeyit() { struct state *st = NULL; struct pcr_kenonce *kn = &crypto_req->pcr_d.kn; fprintf(stderr, "now pretend that the keylife timer is up, and rekey the connection\n"); show_states_status(); timer_list(); st = state_with_serialno(2); /* capture the rekey message */ send_packet_setup_pcap("OUTPUT/rekeyikev2-I1.pcap"); if(st) { DBG(DBG_LIFECYCLE , openswan_log("replacing stale %s SA" , (IS_PHASE1(st->st_state)|| IS_PHASE15(st->st_state ))? "ISAKMP" : "IPsec")); ipsecdoi_replace(st, LEMPTY, LEMPTY, 1); } else { fprintf(stderr, "no state #2 found\n"); } passert(kn->oakley_group == tc14_oakleygroup); /* now fill in the KE values from a constant.. not calculated */ clonetowirechunk(&kn->thespace, kn->space, &kn->secret, tc14_secret,tc14_secret_len); clonetowirechunk(&kn->thespace, kn->space, &kn->n, tc14_ni, tc14_ni_len); /* maybe change nonce for rekey? */ clonetowirechunk(&kn->thespace, kn->space, &kn->gi, tc14_gi, tc14_gi_len); run_continuation(crypto_req); send_packet_close(); }
void recv_pcap_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *bytes) { struct state *st; struct pcr_kenonce *kn = &r->pcr_d.kn; recv_pcap_packet_gen(user, h, bytes); /* find st involved */ st = state_with_serialno(1); st->st_connection->extra_debugging = DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE; /* now fill in the KE values from a constant.. not calculated */ WIRE_CLONE_DATA(kn, secret, tc3_secret, tc3_secret_len); WIRE_CLONE_DATA(kn, n, tc3_nr, tc3_nr_len); WIRE_CLONE_DATA(kn, gi, tc3_gr, tc3_gr_len); run_continuation(r); }
void recv_pcap_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *bytes) { struct state *st; struct pcr_kenonce *kn = &r->pcr_d.kn; /* I'm jacob two-two. I do everything twice! */ recv_pcap_packet_gen(user, h, bytes); /* find st involved */ st = state_with_serialno(1); st->st_connection->extra_debugging = DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE; /* now fill in the KE values from a constant.. not calculated */ clonetowirechunk(&kn->thespace, kn->space, &kn->secret, tc3_secret, tc3_secret_len); clonetowirechunk(&kn->thespace, kn->space, &kn->n, tc3_nr, tc3_nr_len); clonetowirechunk(&kn->thespace, kn->space, &kn->gi, tc3_gr, tc3_gr_len); run_continuation(r); }
void recv_pcap_packet2(u_char *user , const struct pcap_pkthdr *h , const u_char *bytes) { static int call_counter = 0; struct pcr_kenonce *kn = &crypto_req->pcr_d.kn; call_counter++; DBG_log("%s() call %d: enter", __func__, call_counter); enable_debugging(); enable_debugging_on_sa(1); enable_debugging_on_sa(2); recv_pcap_packet_gen(user, h, bytes); if (call_counter == 2) { /* we received the third packet, ISAKMP_v2_SA_INIT, * and queued a 'build_ke', which we have to emulate... * now fill in the KE values from a constant.. not calculated */ passert(kn->oakley_group == SS(oakleygroup)); clonetowirechunk(&kn->thespace, kn->space, &kn->secret, SS(secret.ptr),SS(secret.len)); clonetowirechunk(&kn->thespace, kn->space, &kn->n, SS(ni.ptr), SS(ni.len)); clonetowirechunk(&kn->thespace, kn->space, &kn->gi, SS(gi.ptr), SS(gi.len)); } DBG_log("%s() call %d: continuation", __func__, call_counter); run_continuation(crypto_req); DBG_log("%s() call %d: exit", __func__, call_counter); }
/* this is replicated in the unit test cases since the patching up of the crypto values is case specific */ void recv_pcap_packet(u_char *user , const struct pcap_pkthdr *h , const u_char *bytes) { struct state *st; struct pcr_kenonce *kn = &crypto_req->pcr_d.kn; recv_pcap_packet_gen(user, h, bytes); run_continuation(crypto_req); }
/* * process second packet twice. */ void recv_pcap_packet2twice(u_char *user, const struct pcap_pkthdr *h, const u_char *bytes) { struct state *st; struct pcr_kenonce *kn = &r->pcr_d.kn; recv_pcap_packet_gen(user, h, bytes); /* find st involved */ st = state_with_serialno(1); st->st_connection->extra_debugging = DBG_PRIVATE | DBG_CRYPT | DBG_PARSING | DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE; run_continuation(r); recv_pcap_packet_gen(user, h, bytes); run_continuation(r); }
main(int argc, char *argv[]) { int len; char *infile; char *conn_name; int lineno=0; struct connection *c1; struct state *st; EF_PROTECT_FREE=1; EF_FREE_WIPES =1; progname = argv[0]; leak_detective = 1; if(argc != 3) { fprintf(stderr, "Usage: %s <whackrecord> <conn-name>\n", progname); exit(10); } /* argv[1] == "-r" */ tool_init_log(); init_fake_vendorid(); infile = argv[1]; conn_name = argv[2]; readwhackmsg(infile); send_packet_setup_pcap("parentI1.pcap"); c1 = con_by_name(conn_name, TRUE); show_one_connection(c1); st = sendI1(c1,DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE); run_continuation(r); /* now invoke the timer event to cause a re-transmission */ handle_next_timer_event(); /* clean up so that we can see any leaks */ delete_state(st); report_leaks(); tool_close_log(); exit(0); }
/* this is replicated in the unit test cases since the patching up of the crypto values is case specific */ void recv_pcap_packet(u_char *user , const struct pcap_pkthdr *h , const u_char *bytes) { struct state *st; struct pcr_kenonce *kn = &crypto_req->pcr_d.kn; recv_pcap_packet_gen(user, h, bytes); /* find st involved */ st = state_with_serialno(1); if(st != NULL) { passert(st != NULL); st->st_connection->extra_debugging = DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE|DBG_CRYPT|DBG_PRIVATE; } run_continuation(crypto_req); }
/* * this routine accepts the I3 packet, and the causes a rekey to be queued */ void recv_pcap_I3_rekey(u_char *user , const struct pcap_pkthdr *h , const u_char *bytes) { struct state *st = NULL; struct pcr_kenonce *kn = &crypto_req->pcr_d.kn; /* create a socket for a possible whack process that is doing --up */ int fake_whack_fd = open("/dev/null", O_RDWR); passert(fake_whack_fd != -1); recv_pcap_packet(user, h, bytes); fprintf(stderr, "now pretend that the keylife timer is up, and rekey the connection\n"); show_states_status(); timer_list(); st = state_with_serialno(2); st->st_whack_sock = fake_whack_fd; if(st) { DBG(DBG_LIFECYCLE , openswan_log("replacing stale %s SA" , (IS_PHASE1(st->st_state)|| IS_PHASE15(st->st_state ))? "ISAKMP" : "IPsec")); ipsecdoi_replace(st, LEMPTY, LEMPTY, 1); } else { fprintf(stderr, "no state #2 found\n"); } /* find new state! */ st = state_with_serialno(3); passert(st->st_whack_sock != -1); passert(kn->oakley_group == SS(oakleygroup)); /* now fill in the KE values from a constant.. not calculated */ clonetowirechunk(&kn->thespace, kn->space, &kn->secret, SS(secret.ptr),SS(secret.len)); clonetowirechunk(&kn->thespace, kn->space, &kn->n, SS(ni.ptr), SS(ni.len)); /* maybe change nonce for rekey? */ clonetowirechunk(&kn->thespace, kn->space, &kn->gi, SS(gi.ptr), SS(gi.len)); run_continuation(crypto_req); }
/* this is replicated in the unit test cases since the patching up of the crypto values is case specific */ void recv_pcap_packet(u_char *user , const struct pcap_pkthdr *h , const u_char *bytes) { static int call_counter = 0; struct pcr_kenonce *kn = &crypto_req->pcr_d.kn; call_counter++; DBG_log("%s() call %d: enter", __func__, call_counter); enable_debugging(); enable_debugging_on_sa(1); enable_debugging_on_sa(2); recv_pcap_packet_gen(user, h, bytes); DBG_log("%s() call %d: continuation", __func__, call_counter); run_continuation(crypto_req); DBG_log("%s() call %d: exit", __func__, call_counter); }
/* this is replicated in the unit test cases since the patching up of the crypto values is case specific */ void recv_pcap_packet(u_char *user , const struct pcap_pkthdr *h , const u_char *bytes) { struct state *st; struct pcr_kenonce *kn = &crypto_req->pcr_d.kn; recv_pcap_packet_gen(user, h, bytes); /* find st involved */ st = state_with_serialno(1); if(st) { st->st_connection->extra_debugging = DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE; /* now fill in the KE values from a constant.. not calculated */ clonetowirechunk(&kn->thespace, kn->space, &kn->secret, tc14_secretr,tc14_secretr_len); clonetowirechunk(&kn->thespace, kn->space, &kn->n, tc14_nr, tc14_nr_len); clonetowirechunk(&kn->thespace, kn->space, &kn->gi, tc14_gr, tc14_gr_len); run_continuation(crypto_req); } }
void recv_pcap_packet1(u_char *user, const struct pcap_pkthdr *h, const u_char *bytes) { struct state *st; struct pcr_kenonce *kn = &r->pcr_d.kn; recv_pcap_packet_gen(user, h, bytes); /* find st involved */ st = state_with_serialno(1); st->st_connection->extra_debugging = add_debugging; /* now fill in the SKEYSEED values from constants.. not calculated */ WIRE_CLONE_DATA(kn, secret, tc3_secret, tc3_secret_len); WIRE_CLONE_DATA(kn, n, tc3_ni, tc3_ni_len); WIRE_CLONE_DATA(kn, gi, tc3_gi, tc3_gi_len); run_continuation(r); }
main(int argc, char *argv[]){ int len; char *infile; char *conn_name; int lineno = 0; struct connection *c1; struct state *st; EF_PROTECT_FREE = 1; EF_FREE_WIPES = 1; progname = argv[0]; leak_detective = 1; if (argc != 3) { fprintf(stderr, "Usage: %s <whackrecord> <conn-name>\n", progname); exit(10); } /* argv[1] == "-r" */ tool_init_log(); init_fake_vendorid(); infile = argv[1]; conn_name = argv[2]; readwhackmsg(infile); send_packet_setup_pcap("parentI1.pcap"); c1 = con_by_name(conn_name, TRUE); c1->sa_keying_tries = 0; /* for this test case, make retries infinite */ maximum_retransmissions_initial = 2; show_one_connection(c1); st = sendI1(c1, DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE | DBG_WHACKWATCH); run_continuation(r); /* after three-retransmits, we fallback to trying IKEv1, if necessary */ handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); /* after three more retransmits, we go back to IKEv2 */ handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); /* as the state will have been renewed, it's hard to clean up */ report_leaks(); tool_close_log(); exit(0); }