void rekeyit()
{
struct state *st = NULL;
struct pcr_kenonce *kn = &crypto_req->pcr_d.kn;
fprintf(stderr, "now pretend that the keylife timer is up, and rekey the connection\n");
show_states_status();
timer_list();
st = state_with_serialno(2);
/* capture the rekey message */
send_packet_setup_pcap("OUTPUT/rekeyikev2-I1.pcap");
if(st) {
DBG(DBG_LIFECYCLE
, openswan_log("replacing stale %s SA"
, (IS_PHASE1(st->st_state)|| IS_PHASE15(st->st_state ))? "ISAKMP" : "IPsec"));
ipsecdoi_replace(st, LEMPTY, LEMPTY, 1);
} else {
fprintf(stderr, "no state #2 found\n");
}
passert(kn->oakley_group == tc14_oakleygroup);
/* now fill in the KE values from a constant.. not calculated */
clonetowirechunk(&kn->thespace, kn->space, &kn->secret, tc14_secret,tc14_secret_len);
clonetowirechunk(&kn->thespace, kn->space, &kn->n, tc14_ni, tc14_ni_len); /* maybe change nonce for rekey? */
clonetowirechunk(&kn->thespace, kn->space, &kn->gi, tc14_gi, tc14_gi_len);
run_continuation(crypto_req);
send_packet_close();
}
void recv_pcap_packet(u_char *user,
const struct pcap_pkthdr *h,
const u_char *bytes)
{
struct state *st;
struct pcr_kenonce *kn = &r->pcr_d.kn;
recv_pcap_packet_gen(user, h, bytes);
/* find st involved */
st = state_with_serialno(1);
st->st_connection->extra_debugging = DBG_EMITTING | DBG_CONTROL |
DBG_CONTROLMORE;
/* now fill in the KE values from a constant.. not calculated */
WIRE_CLONE_DATA(kn, secret, tc3_secret,
tc3_secret_len);
WIRE_CLONE_DATA(kn, n, tc3_nr,
tc3_nr_len);
WIRE_CLONE_DATA(kn, gi, tc3_gr,
tc3_gr_len);
run_continuation(r);
}
void recv_pcap_packet(u_char *user,
const struct pcap_pkthdr *h,
const u_char *bytes)
{
struct state *st;
struct pcr_kenonce *kn = &r->pcr_d.kn;
/* I'm jacob two-two. I do everything twice! */
recv_pcap_packet_gen(user, h, bytes);
/* find st involved */
st = state_with_serialno(1);
st->st_connection->extra_debugging = DBG_EMITTING | DBG_CONTROL |
DBG_CONTROLMORE;
/* now fill in the KE values from a constant.. not calculated */
clonetowirechunk(&kn->thespace, kn->space, &kn->secret, tc3_secret,
tc3_secret_len);
clonetowirechunk(&kn->thespace, kn->space, &kn->n, tc3_nr,
tc3_nr_len);
clonetowirechunk(&kn->thespace, kn->space, &kn->gi, tc3_gr,
tc3_gr_len);
run_continuation(r);
}
void recv_pcap_packet2(u_char *user
, const struct pcap_pkthdr *h
, const u_char *bytes)
{
static int call_counter = 0;
struct pcr_kenonce *kn = &crypto_req->pcr_d.kn;
call_counter++;
DBG_log("%s() call %d: enter", __func__, call_counter);
enable_debugging();
enable_debugging_on_sa(1);
enable_debugging_on_sa(2);
recv_pcap_packet_gen(user, h, bytes);
if (call_counter == 2) {
/* we received the third packet, ISAKMP_v2_SA_INIT,
* and queued a 'build_ke', which we have to emulate...
* now fill in the KE values from a constant.. not calculated */
passert(kn->oakley_group == SS(oakleygroup));
clonetowirechunk(&kn->thespace, kn->space, &kn->secret, SS(secret.ptr),SS(secret.len));
clonetowirechunk(&kn->thespace, kn->space, &kn->n, SS(ni.ptr), SS(ni.len));
clonetowirechunk(&kn->thespace, kn->space, &kn->gi, SS(gi.ptr), SS(gi.len));
}
DBG_log("%s() call %d: continuation", __func__, call_counter);
run_continuation(crypto_req);
DBG_log("%s() call %d: exit", __func__, call_counter);
}
/* this is replicated in the unit test cases since the patching up of the crypto values is case specific */
void recv_pcap_packet(u_char *user
, const struct pcap_pkthdr *h
, const u_char *bytes)
{
struct state *st;
struct pcr_kenonce *kn = &crypto_req->pcr_d.kn;
recv_pcap_packet_gen(user, h, bytes);
run_continuation(crypto_req);
}
/*
* process second packet twice.
*/
void recv_pcap_packet2twice(u_char *user,
const struct pcap_pkthdr *h,
const u_char *bytes)
{
struct state *st;
struct pcr_kenonce *kn = &r->pcr_d.kn;
recv_pcap_packet_gen(user, h, bytes);
/* find st involved */
st = state_with_serialno(1);
st->st_connection->extra_debugging = DBG_PRIVATE | DBG_CRYPT |
DBG_PARSING | DBG_EMITTING |
DBG_CONTROL | DBG_CONTROLMORE;
run_continuation(r);
recv_pcap_packet_gen(user, h, bytes);
run_continuation(r);
}
main(int argc, char *argv[])
{
int len;
char *infile;
char *conn_name;
int lineno=0;
struct connection *c1;
struct state *st;
EF_PROTECT_FREE=1;
EF_FREE_WIPES =1;
progname = argv[0];
leak_detective = 1;
if(argc != 3) {
fprintf(stderr, "Usage: %s <whackrecord> <conn-name>\n", progname);
exit(10);
}
/* argv[1] == "-r" */
tool_init_log();
init_fake_vendorid();
infile = argv[1];
conn_name = argv[2];
readwhackmsg(infile);
send_packet_setup_pcap("parentI1.pcap");
c1 = con_by_name(conn_name, TRUE);
show_one_connection(c1);
st = sendI1(c1,DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE);
run_continuation(r);
/* now invoke the timer event to cause a re-transmission */
handle_next_timer_event();
/* clean up so that we can see any leaks */
delete_state(st);
report_leaks();
tool_close_log();
exit(0);
}
/* this is replicated in the unit test cases since the patching up of the crypto values is case specific */
void recv_pcap_packet(u_char *user
, const struct pcap_pkthdr *h
, const u_char *bytes)
{
struct state *st;
struct pcr_kenonce *kn = &crypto_req->pcr_d.kn;
recv_pcap_packet_gen(user, h, bytes);
/* find st involved */
st = state_with_serialno(1);
if(st != NULL) {
passert(st != NULL);
st->st_connection->extra_debugging = DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE|DBG_CRYPT|DBG_PRIVATE;
}
run_continuation(crypto_req);
}
/*
* this routine accepts the I3 packet, and the causes a rekey to be queued */
void recv_pcap_I3_rekey(u_char *user
, const struct pcap_pkthdr *h
, const u_char *bytes)
{
struct state *st = NULL;
struct pcr_kenonce *kn = &crypto_req->pcr_d.kn;
/* create a socket for a possible whack process that is doing --up */
int fake_whack_fd = open("/dev/null", O_RDWR);
passert(fake_whack_fd != -1);
recv_pcap_packet(user, h, bytes);
fprintf(stderr, "now pretend that the keylife timer is up, and rekey the connection\n");
show_states_status();
timer_list();
st = state_with_serialno(2);
st->st_whack_sock = fake_whack_fd;
if(st) {
DBG(DBG_LIFECYCLE
, openswan_log("replacing stale %s SA"
, (IS_PHASE1(st->st_state)|| IS_PHASE15(st->st_state ))? "ISAKMP" : "IPsec"));
ipsecdoi_replace(st, LEMPTY, LEMPTY, 1);
} else {
fprintf(stderr, "no state #2 found\n");
}
/* find new state! */
st = state_with_serialno(3);
passert(st->st_whack_sock != -1);
passert(kn->oakley_group == SS(oakleygroup));
/* now fill in the KE values from a constant.. not calculated */
clonetowirechunk(&kn->thespace, kn->space, &kn->secret, SS(secret.ptr),SS(secret.len));
clonetowirechunk(&kn->thespace, kn->space, &kn->n, SS(ni.ptr), SS(ni.len)); /* maybe change nonce for rekey? */
clonetowirechunk(&kn->thespace, kn->space, &kn->gi, SS(gi.ptr), SS(gi.len));
run_continuation(crypto_req);
}
/* this is replicated in the unit test cases since the patching up of the crypto values is case specific */
void recv_pcap_packet(u_char *user
, const struct pcap_pkthdr *h
, const u_char *bytes)
{
static int call_counter = 0;
struct pcr_kenonce *kn = &crypto_req->pcr_d.kn;
call_counter++;
DBG_log("%s() call %d: enter", __func__, call_counter);
enable_debugging();
enable_debugging_on_sa(1);
enable_debugging_on_sa(2);
recv_pcap_packet_gen(user, h, bytes);
DBG_log("%s() call %d: continuation", __func__, call_counter);
run_continuation(crypto_req);
DBG_log("%s() call %d: exit", __func__, call_counter);
}
/* this is replicated in the unit test cases since the patching up of the crypto values is case specific */
void recv_pcap_packet(u_char *user
, const struct pcap_pkthdr *h
, const u_char *bytes)
{
struct state *st;
struct pcr_kenonce *kn = &crypto_req->pcr_d.kn;
recv_pcap_packet_gen(user, h, bytes);
/* find st involved */
st = state_with_serialno(1);
if(st) {
st->st_connection->extra_debugging = DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE;
/* now fill in the KE values from a constant.. not calculated */
clonetowirechunk(&kn->thespace, kn->space, &kn->secret, tc14_secretr,tc14_secretr_len);
clonetowirechunk(&kn->thespace, kn->space, &kn->n, tc14_nr, tc14_nr_len);
clonetowirechunk(&kn->thespace, kn->space, &kn->gi, tc14_gr, tc14_gr_len);
run_continuation(crypto_req);
}
}
void recv_pcap_packet1(u_char *user,
const struct pcap_pkthdr *h,
const u_char *bytes)
{
struct state *st;
struct pcr_kenonce *kn = &r->pcr_d.kn;
recv_pcap_packet_gen(user, h, bytes);
/* find st involved */
st = state_with_serialno(1);
st->st_connection->extra_debugging = add_debugging;
/* now fill in the SKEYSEED values from constants.. not calculated */
WIRE_CLONE_DATA(kn, secret, tc3_secret,
tc3_secret_len);
WIRE_CLONE_DATA(kn, n, tc3_ni,
tc3_ni_len);
WIRE_CLONE_DATA(kn, gi, tc3_gi,
tc3_gi_len);
run_continuation(r);
}
main(int argc, char *argv[]){
int len;
char *infile;
char *conn_name;
int lineno = 0;
struct connection *c1;
struct state *st;
EF_PROTECT_FREE = 1;
EF_FREE_WIPES = 1;
progname = argv[0];
leak_detective = 1;
if (argc != 3) {
fprintf(stderr, "Usage: %s <whackrecord> <conn-name>\n",
progname);
exit(10);
}
/* argv[1] == "-r" */
tool_init_log();
init_fake_vendorid();
infile = argv[1];
conn_name = argv[2];
readwhackmsg(infile);
send_packet_setup_pcap("parentI1.pcap");
c1 = con_by_name(conn_name, TRUE);
c1->sa_keying_tries = 0; /* for this test case, make retries infinite */
maximum_retransmissions_initial = 2;
show_one_connection(c1);
st = sendI1(c1,
DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE |
DBG_WHACKWATCH);
run_continuation(r);
/* after three-retransmits, we fallback to trying IKEv1, if necessary */
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
/* after three more retransmits, we go back to IKEv2 */
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
/* as the state will have been renewed, it's hard to clean up */
report_leaks();
tool_close_log();
exit(0);
}
