src/racoon/isakmp_ident.c

/*        $NetBSD: isakmp_ident.c,v 1.17 2025/03/07 15:55:29 christos Exp $     */

/* Id: isakmp_ident.c,v 1.21 2006/04/06 16:46:08 manubsd Exp */

/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/* Identity Protecion Exchange (Main Mode) */

#include "config.h"

#include <sys/types.h>
#include <sys/param.h>

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#if TIME_WITH_SYS_TIME
# include <sys/time.h>
# include <time.h>
#else
# if HAVE_SYS_TIME_H
#  include <sys/time.h>
# else
#  include <time.h>
# endif
#endif

#include "var.h"
#include "misc.h"
#include "vmbuf.h"
#include "plog.h"
#include "sockmisc.h"
#include "schedule.h"
#include "debug.h"

#include "localconf.h"
#include "remoteconf.h"
#include "isakmp_var.h"
#include "isakmp.h"
#include "evt.h"
#include "oakley.h"
#include "handler.h"
#include "ipsec_doi.h"
#include "crypto_openssl.h"
#include "pfkey.h"
#include "isakmp_ident.h"
#include "isakmp_inf.h"
#include "vendorid.h"

#ifdef ENABLE_NATT
#include "nattraversal.h"
#endif
#ifdef HAVE_GSSAPI
#include "gssapi.h"
#endif
#ifdef ENABLE_HYBRID
#include <resolv.h>
#include "isakmp_xauth.h"
#include "isakmp_cfg.h"
#endif
#ifdef ENABLE_FRAG
#include "isakmp_frag.h"
#endif

static vchar_t *ident_ir2mx(struct ph1handle *);
static vchar_t *ident_ir3mx(struct ph1handle *);
static int ident_recv_n(struct ph1handle *, struct isakmp_gen *);

/* %%%
 * begin Identity Protection Mode as initiator.
 */
/*
 * send to responder
 *        psk: HDR, SA
 *        sig: HDR, SA
 *        rsa: HDR, SA
 *        rev: HDR, SA
 */
int
ident_i1send(struct ph1handle *iph1, vchar_t *msg) /* must be null */
{
          struct payload_list *plist = NULL;
          int error = -1;
#ifdef ENABLE_NATT
          vchar_t *vid_natt[MAX_NATT_VID_COUNT] = { NULL };
          int i;
#endif
#ifdef ENABLE_HYBRID
          vchar_t *vid_xauth = NULL;
          vchar_t *vid_unity = NULL;
#endif
#ifdef ENABLE_FRAG
          vchar_t *vid_frag = NULL;
#endif
#ifdef ENABLE_DPD
          vchar_t *vid_dpd = NULL;
#endif
          /* validity check */
          if (msg != NULL) {
                    plog(LLV_ERROR, LOCATION, NULL,
                              "msg has to be NULL in this function.\n");
                    goto end;
          }
          if (iph1->status != PHASE1ST_START) {
                    plog(LLV_ERROR, LOCATION, NULL,
                              "status mismatched %d.\n", iph1->status);
                    goto end;
          }

          /* create isakmp index */
          memset(&iph1->index, 0, sizeof(iph1->index));
          isakmp_newcookie((caddr_t)&iph1->index, iph1->remote, iph1->local);

          /* create SA payload for my proposal */
          iph1->sa = ipsecdoi_setph1proposal(iph1->rmconf,
                                                     iph1->rmconf->proposal);
          if (iph1->sa == NULL)
                    goto end;

          /* set SA payload to propose */
          plist = isakmp_plist_append(plist, iph1->sa, ISAKMP_NPTYPE_SA);

#ifdef ENABLE_NATT
          /* set VID payload for NAT-T if NAT-T support allowed in the config file */
          if (iph1->rmconf->nat_traversal)
                    plist = isakmp_plist_append_natt_vids(plist, vid_natt);
#endif
#ifdef ENABLE_HYBRID
          /* Do we need Xauth VID? */
          switch (iph1->rmconf->proposal->authmethod) {
          case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_I:
          case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I:
          case OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_I:
          case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I:
          case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_I:
          case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_I:
          case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_I:
                    if ((vid_xauth = set_vendorid(VENDORID_XAUTH)) == NULL)
                              plog(LLV_ERROR, LOCATION, NULL,
                                   "Xauth vendor ID generation failed\n");
                    else
                              plist = isakmp_plist_append(plist,
                                  vid_xauth, ISAKMP_NPTYPE_VID);
                    /*FALLTHROUGH*/
          case OAKLEY_ATTR_AUTH_METHOD_RSASIG:
                    if ((vid_unity = set_vendorid(VENDORID_UNITY)) == NULL)
                              plog(LLV_ERROR, LOCATION, NULL,
                                   "Unity vendor ID generation failed\n");
                    else
                              plist = isakmp_plist_append(plist,
                                  vid_unity, ISAKMP_NPTYPE_VID);
                    break;
          default:
                    break;
          }
#endif
#ifdef ENABLE_FRAG
          if (iph1->rmconf->ike_frag) {
                    if ((vid_frag = set_vendorid(VENDORID_FRAG)) == NULL) {
                              plog(LLV_ERROR, LOCATION, NULL,
                                  "Frag vendorID construction failed\n");
                    } else {
                              vid_frag = isakmp_frag_addcap(vid_frag,
                                  VENDORID_FRAG_IDENT);
                              plist = isakmp_plist_append(plist,
                                  vid_frag, ISAKMP_NPTYPE_VID);
                    }
          }
#endif
#ifdef ENABLE_DPD
          if(iph1->rmconf->dpd){
                    vid_dpd = set_vendorid(VENDORID_DPD);
                    if (vid_dpd != NULL)
                              plist = isakmp_plist_append(plist, vid_dpd,
                                  ISAKMP_NPTYPE_VID);
          }
#endif

          iph1->sendbuf = isakmp_plist_set_all (&plist, iph1);

#ifdef HAVE_PRINT_ISAKMP_C
          isakmp_printpacket(iph1->sendbuf, iph1->local, iph1->remote, 0);
#endif

          /* send the packet, add to the schedule to resend */
          if (isakmp_ph1send(iph1) == -1)
                    goto end;

          iph1->status = PHASE1ST_MSG1SENT;

          error = 0;

end:
#ifdef ENABLE_FRAG
          if (vid_frag)
                    vfree(vid_frag);
#endif
#ifdef ENABLE_NATT
          for (i = 0; i < MAX_NATT_VID_COUNT && vid_natt[i] != NULL; i++)
                    vfree(vid_natt[i]);
#endif
#ifdef ENABLE_HYBRID
          if (vid_xauth != NULL)
                    vfree(vid_xauth);
          if (vid_unity != NULL)
                    vfree(vid_unity);
#endif
#ifdef ENABLE_DPD
          if (vid_dpd != NULL)
                    vfree(vid_dpd);
#endif

          return error;
}

/*
 * receive from responder
 *        psk: HDR, SA
 *        sig: HDR, SA
 *        rsa: HDR, SA
 *        rev: HDR, SA
 */
int
ident_i2recv(struct ph1handle *iph1, vchar_t *msg)
{
          vchar_t *pbuf = NULL;
          struct isakmp_parse_t *pa;
          vchar_t *satmp = NULL;
          int error = -1;

          /* validity check */
          if (iph1->status != PHASE1ST_MSG1SENT) {
                    plog(LLV_ERROR, LOCATION, NULL,
                              "status mismatched %d.\n", iph1->status);
                    goto end;
          }

          /* validate the type of next payload */
          /*
           * NOTE: RedCreek(as responder) attaches N[responder-lifetime] here,
           *        if proposal-lifetime > lifetime-redcreek-wants.
           *        (see doi-08 4.5.4)
           *        => According to the seciton 4.6.3 in RFC 2407, This is illegal.
           * NOTE: we do not really care about ordering of VID and N.
           *        does it matters?
           * NOTE: even if there's multiple VID/N, we'll ignore them.
           */
          pbuf = isakmp_parse(msg);
          if (pbuf == NULL)
                    goto end;
          pa = (struct isakmp_parse_t *)pbuf->v;

          /* SA payload is fixed postion */
          if (pa->type != ISAKMP_NPTYPE_SA) {
                    plog(LLV_ERROR, LOCATION, iph1->remote,
                              "received invalid next payload type %d, "
                              "expecting %d.\n",
                              pa->type, ISAKMP_NPTYPE_SA);
                    goto end;
          }
          if (isakmp_p2ph(&satmp, pa->ptr) < 0)
                    goto end;
          pa++;

          for (/*nothing*/;
               pa->type != ISAKMP_NPTYPE_NONE;
               pa++) {

                    switch (pa->type) {
                    case ISAKMP_NPTYPE_VID:
                              handle_vendorid(iph1, pa->ptr);
                              break;
                    default:
                              /* don't send information, see ident_r1recv() */
                              plog(LLV_ERROR, LOCATION, iph1->remote,
                                        "ignore the packet, "
                                        "received unexpecting payload type %d.\n",
                                        pa->type);
                              goto end;
                    }
          }

#ifdef ENABLE_NATT
          if (NATT_AVAILABLE(iph1))
                    plog(LLV_INFO, LOCATION, iph1->remote,
                         "Selected NAT-T version: %s\n",
                         vid_string_by_id(iph1->natt_options->version));
#endif

          /* check SA payload and set approval SA for use */
          if (ipsecdoi_checkph1proposal(satmp, iph1) < 0) {
                    plog(LLV_ERROR, LOCATION, iph1->remote,
                              "failed to get valid proposal.\n");
                    /* XXX send information */
                    goto end;
          }
          VPTRINIT(iph1->sa_ret);

          iph1->status = PHASE1ST_MSG2RECEIVED;

          error = 0;

end:
          if (pbuf)
                    vfree(pbuf);
          if (satmp)
                    vfree(satmp);
          return error;
}

/*
 * send to responder
 *        psk: HDR, KE, Ni
 *        sig: HDR, KE, Ni
 *   gssapi: HDR, KE, Ni, GSSi
 *        rsa: HDR, KE, [ HASH(1), ] <IDi1_b>PubKey_r, <Ni_b>PubKey_r
 *        rev: HDR, [ HASH(1), ] <Ni_b>Pubkey_r, <KE_b>Ke_i,
 *                  <IDi1_b>Ke_i, [<<Cert-I_b>Ke_i]
 */
int
ident_i2send(struct ph1handle *iph1, vchar_t *msg)
{
          int error = -1;

          /* validity check */
          if (iph1->status != PHASE1ST_MSG2RECEIVED) {
                    plog(LLV_ERROR, LOCATION, NULL,
                              "status mismatched %d.\n", iph1->status);
                    goto end;
          }

          /* fix isakmp index */
          memcpy(&iph1->index.r_ck, &((struct isakmp *)msg->v)->r_ck,
                    sizeof(cookie_t));

          /* generate DH public value */
          if (oakley_dh_generate(iph1->approval->dhgrp,
                                        &iph1->dhpub, &iph1->dhpriv) < 0)
                    goto end;

          /* generate NONCE value */
          iph1->nonce = eay_set_random(iph1->rmconf->nonce_size);
          if (iph1->nonce == NULL)
                    goto end;

#ifdef HAVE_GSSAPI
          if (iph1->approval->authmethod == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB &&
              gssapi_get_itoken(iph1, NULL) < 0)
                    goto end;
#endif

          /* create buffer to send isakmp payload */
          iph1->sendbuf = ident_ir2mx(iph1);
          if (iph1->sendbuf == NULL)
                    goto end;

#ifdef HAVE_PRINT_ISAKMP_C
          isakmp_printpacket(iph1->sendbuf, iph1->local, iph1->remote, 0);
#endif

          /* send the packet, add to the schedule to resend */
          if (isakmp_ph1send(iph1) == -1)
                    goto end;

          /* the sending message is added to the received-list. */
          if (add_recvdpkt(iph1->remote, iph1->local, iph1->sendbuf, msg) == -1) {
                    plog(LLV_ERROR , LOCATION, NULL,
                              "failed to add a response packet to the tree.\n");
                    goto end;
          }

          iph1->status = PHASE1ST_MSG2SENT;

          error = 0;

end:
          return error;
}

/*
 * receive from responder
 *        psk: HDR, KE, Nr
 *        sig: HDR, KE, Nr [, CR ]
 *   gssapi: HDR, KE, Nr, GSSr
 *        rsa: HDR, KE, <IDr1_b>PubKey_i, <Nr_b>PubKey_i
 *        rev: HDR, <Nr_b>PubKey_i, <KE_b>Ke_r, <IDr1_b>Ke_r,
 */
int
ident_i3recv(struct ph1handle *iph1, vchar_t *msg)
{
          vchar_t *pbuf = NULL;
          struct isakmp_parse_t *pa;
          int error = -1;
#ifdef HAVE_GSSAPI
          vchar_t *gsstoken = NULL;
#endif
#ifdef ENABLE_NATT
          vchar_t   *natd_received;
          int natd_seq = 0, natd_verified;
#endif

          /* validity check */
          if (iph1->status != PHASE1ST_MSG2SENT) {
                    plog(LLV_ERROR, LOCATION, NULL,
                              "status mismatched %d.\n", iph1->status);
                    goto end;
          }

          /* validate the type of next payload */
          pbuf = isakmp_parse(msg);
          if (pbuf == NULL)
                    goto end;

          for (pa = (struct isakmp_parse_t *)pbuf->v;
               pa->type != ISAKMP_NPTYPE_NONE;
               pa++) {

                    switch (pa->type) {
                    case ISAKMP_NPTYPE_KE:
                              if (isakmp_p2ph(&iph1->dhpub_p, pa->ptr) < 0)
                                        goto end;
                              break;
                    case ISAKMP_NPTYPE_NONCE:
                              if (isakmp_p2ph(&iph1->nonce_p, pa->ptr) < 0)
                                        goto end;
                              break;
                    case ISAKMP_NPTYPE_VID:
                              handle_vendorid(iph1, pa->ptr);
                              break;
                    case ISAKMP_NPTYPE_CR:
                              if (oakley_savecr(iph1, pa->ptr) < 0)
                                        goto end;
                              break;
#ifdef HAVE_GSSAPI
                    case ISAKMP_NPTYPE_GSS:
                              if (isakmp_p2ph(&gsstoken, pa->ptr) < 0)
                                        goto end;
                              gssapi_save_received_token(iph1, gsstoken);
                              break;
#endif

#ifdef ENABLE_NATT
                    case ISAKMP_NPTYPE_NATD_DRAFT:
                    case ISAKMP_NPTYPE_NATD_RFC:
                              if (NATT_AVAILABLE(iph1) && iph1->natt_options != NULL &&
                                  pa->type == iph1->natt_options->payload_nat_d) {
                                        natd_received = NULL;
                                        if (isakmp_p2ph (&natd_received, pa->ptr) < 0)
                                                  goto end;

                                        /* set both bits first so that we can clear them
                                           upon verifying hashes */
                                        if (natd_seq == 0)
                                                  iph1->natt_flags |= NAT_DETECTED;

                                        /* this function will clear appropriate bits bits
                                           from iph1->natt_flags */
                                        natd_verified = natt_compare_addr_hash (iph1,
                                                  natd_received, natd_seq++);

                                        plog (LLV_INFO, LOCATION, NULL, "NAT-D payload #%d %s\n",
                                                  natd_seq - 1,
                                                  natd_verified ? "verified" : "doesn't match");

                                        vfree (natd_received);
                                        break;
                              }
                              /* passthrough to default... */
#endif
                              /*FALLTHROUGH*/
                    default:
                              /* don't send information, see ident_r1recv() */
                              plog(LLV_ERROR, LOCATION, iph1->remote,
                                        "ignore the packet, "
                                        "received unexpecting payload type %d.\n",
                                        pa->type);
                              goto end;
                    }
          }

#ifdef ENABLE_NATT
          if (NATT_AVAILABLE(iph1)) {
                    plog (LLV_INFO, LOCATION, NULL, "NAT %s %s%s\n",
                          iph1->natt_flags & NAT_DETECTED ?
                                        "detected:" : "not detected",
                          iph1->natt_flags & NAT_DETECTED_ME ? "ME " : "",
                          iph1->natt_flags & NAT_DETECTED_PEER ? "PEER" : "");
                    if (iph1->natt_flags & NAT_DETECTED)
                              natt_float_ports (iph1);
          }
#endif

          /* payload existency check */
          if (iph1->dhpub_p == NULL || iph1->nonce_p == NULL) {
                    plog(LLV_ERROR, LOCATION, iph1->remote,
                              "few isakmp message received.\n");
                    goto end;
          }

          if (oakley_checkcr(iph1) < 0) {
                    /* Ignore this error in order to be interoperability. */
                    ;
          }

          iph1->status = PHASE1ST_MSG3RECEIVED;

          error = 0;

end:
#ifdef HAVE_GSSAPI
          if (gsstoken)
                    vfree(gsstoken);
#endif
          if (pbuf)
                    vfree(pbuf);
          if (error) {
                    VPTRINIT(iph1->dhpub_p);
                    VPTRINIT(iph1->nonce_p);
                    VPTRINIT(iph1->id_p);
                    VPTRINIT(iph1->cr_p);
          }

          return error;
}

/*
 * send to responder
 *        psk: HDR*, IDi1, HASH_I
 *        sig: HDR*, IDi1, [ CR, ] [ CERT, ] SIG_I
 *   gssapi: HDR*, IDi1, < Gssi(n) | HASH_I >
 *        rsa: HDR*, HASH_I
 *        rev: HDR*, HASH_I
 */
int
ident_i3send(struct ph1handle *iph1, vchar_t *msg0)
{
          int error = -1;
          int dohash = 1;
#ifdef HAVE_GSSAPI
          int len;
#endif

          /* validity check */
          if (iph1->status != PHASE1ST_MSG3RECEIVED) {
                    plog(LLV_ERROR, LOCATION, NULL,
                              "status mismatched %d.\n", iph1->status);
                    goto end;
          }

          /* compute sharing secret of DH */
          if (oakley_dh_compute(iph1->approval->dhgrp, iph1->dhpub,
                                        iph1->dhpriv, iph1->dhpub_p, &iph1->dhgxy) < 0)
                    goto end;

          /* generate SKEYIDs & IV & final cipher key */
          if (oakley_skeyid(iph1) < 0)
                    goto end;
          if (oakley_skeyid_dae(iph1) < 0)
                    goto end;
          if (oakley_compute_enckey(iph1) < 0)
                    goto end;
          if (oakley_newiv(iph1) < 0)
                    goto end;

          /* make ID payload into isakmp status */
          if (ipsecdoi_setid1(iph1) < 0)
                    goto end;

#ifdef HAVE_GSSAPI
          if (iph1->approval->authmethod == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB &&
              gssapi_more_tokens(iph1)) {
                    plog(LLV_DEBUG, LOCATION, NULL, "calling get_itoken\n");
                    if (gssapi_get_itoken(iph1, &len) < 0)
                              goto end;
                    if (len != 0)
                              dohash = 0;
          }
#endif

          /* generate HASH to send */
          if (dohash) {
                    iph1->hash = oakley_ph1hash_common(iph1, GENERATE);
                    if (iph1->hash == NULL)
                              goto end;
          } else
                    iph1->hash = NULL;

          /* set encryption flag */
          iph1->flags |= ISAKMP_FLAG_E;

          /* create HDR;ID;HASH payload */
          iph1->sendbuf = ident_ir3mx(iph1);
          if (iph1->sendbuf == NULL)
                    goto end;

          /* send the packet, add to the schedule to resend */
          if (isakmp_ph1send(iph1) == -1)
                    goto end;

          /* the sending message is added to the received-list. */
          if (add_recvdpkt(iph1->remote, iph1->local, iph1->sendbuf, msg0) == -1) {
                    plog(LLV_ERROR , LOCATION, NULL,
                              "failed to add a response packet to the tree.\n");
                    goto end;
          }

          /* see handler.h about IV synchronization. */
          memcpy(iph1->ivm->ive->v, iph1->ivm->iv->v, iph1->ivm->iv->l);

          iph1->status = PHASE1ST_MSG3SENT;

          error = 0;

end:
          return error;
}

/*
 * receive from responder
 *        psk: HDR*, IDr1, HASH_R
 *        sig: HDR*, IDr1, [ CERT, ] SIG_R
 *   gssapi: HDR*, IDr1, < GSSr(n) | HASH_R >
 *        rsa: HDR*, HASH_R
 *        rev: HDR*, HASH_R
 */
int
ident_i4recv(struct ph1handle *iph1, vchar_t *msg0)
{
          vchar_t *pbuf = NULL;
          struct isakmp_parse_t *pa;
          vchar_t *msg = NULL;
          int error = -1;
          int type;
#ifdef HAVE_GSSAPI
          vchar_t *gsstoken = NULL;
#endif

          /* validity check */
          if (iph1->status != PHASE1ST_MSG3SENT) {
                    plog(LLV_ERROR, LOCATION, NULL,
                              "status mismatched %d.\n", iph1->status);
                    goto end;
          }

          /* decrypting */
          if (!ISSET(((struct isakmp *)msg0->v)->flags, ISAKMP_FLAG_E)) {
                    plog(LLV_ERROR, LOCATION, iph1->remote,
                              "ignore the packet, "
                              "expecting the packet encrypted.\n");
                    goto end;
          }
          msg = oakley_do_decrypt(iph1, msg0, iph1->ivm->iv, iph1->ivm->ive);
          if (msg == NULL)
                    goto end;

          /* validate the type of next payload */
          pbuf = isakmp_parse(msg);
          if (pbuf == NULL)
                    goto end;

          iph1->pl_hash = NULL;

          for (pa = (struct isakmp_parse_t *)pbuf->v;
               pa->type != ISAKMP_NPTYPE_NONE;
               pa++) {

                    switch (pa->type) {
                    case ISAKMP_NPTYPE_ID:
                              if (isakmp_p2ph(&iph1->id_p, pa->ptr) < 0)
                                        goto end;
                              break;
                    case ISAKMP_NPTYPE_HASH:
                              iph1->pl_hash = (struct isakmp_pl_hash *)pa->ptr;
                              break;
                    case ISAKMP_NPTYPE_CERT:
                              if (oakley_savecert(iph1, pa->ptr) < 0)
                                        goto end;
                              break;
                    case ISAKMP_NPTYPE_SIG:
                              if (isakmp_p2ph(&iph1->sig_p, pa->ptr) < 0)
                                        goto end;
                              break;
#ifdef HAVE_GSSAPI
                    case ISAKMP_NPTYPE_GSS:
                              if (isakmp_p2ph(&gsstoken, pa->ptr) < 0)
                                        goto end;
                              gssapi_save_received_token(iph1, gsstoken);
                              break;
#endif
                    case ISAKMP_NPTYPE_VID:
                              handle_vendorid(iph1, pa->ptr);
                              break;
                    case ISAKMP_NPTYPE_N:
                              ident_recv_n(iph1, pa->ptr);
                              break;
                    default:
                              /* don't send information, see ident_r1recv() */
                              plog(LLV_ERROR, LOCATION, iph1->remote,
                                        "ignore the packet, "
                                        "received unexpecting payload type %d.\n",
                                        pa->type);
                              goto end;
                    }
          }

          /* payload existency check */

          /* verify identifier */
          if (ipsecdoi_checkid1(iph1) != 0) {
                    plog(LLV_ERROR, LOCATION, iph1->remote,
                              "invalid ID payload.\n");
                    goto end;
          }

          /* validate authentication value */
#ifdef HAVE_GSSAPI
          if (gsstoken == NULL) {
#endif
                    type = oakley_validate_auth(iph1);
                    if (type != 0) {
                              if (type == -1) {
                                        /* msg printed inner oakley_validate_auth() */
                                        goto end;
                              }
                              evt_phase1(iph1, EVT_PHASE1_AUTH_FAILED, NULL);
                              isakmp_info_send_n1(iph1, type, NULL);
                              goto end;
                    }
#ifdef HAVE_GSSAPI
          }
#endif

          /*
           * XXX: Should we do compare two addresses, ph1handle's and ID
           * payload's.
           */

          plog(LLV_DEBUG, LOCATION, iph1->remote, "peer's ID:");
          plogdump(LLV_DEBUG, iph1->id_p->v, iph1->id_p->l);

          /* see handler.h about IV synchronization. */
          memcpy(iph1->ivm->iv->v, iph1->ivm->ive->v, iph1->ivm->ive->l);

          /*
           * If we got a GSS token, we need to this roundtrip again.
           */
#ifdef HAVE_GSSAPI
          iph1->status = gsstoken != 0 ? PHASE1ST_MSG3RECEIVED :
              PHASE1ST_MSG4RECEIVED;
#else
          iph1->status = PHASE1ST_MSG4RECEIVED;
#endif

          error = 0;

end:
          if (pbuf)
                    vfree(pbuf);
          if (msg)
                    vfree(msg);
#ifdef HAVE_GSSAPI
          if (gsstoken)
                    vfree(gsstoken);
#endif

          if (error) {
                    VPTRINIT(iph1->id_p);
                    VPTRINIT(iph1->cert_p);
                    VPTRINIT(iph1->crl_p);
                    VPTRINIT(iph1->sig_p);
          }

          return error;
}

/*
 * status update and establish isakmp sa.
 */
/*ARGSUSED*/
int
ident_i4send(struct ph1handle *iph1, vchar_t *msg __unused)
{
          int error = -1;

          /* validity check */
          if (iph1->status != PHASE1ST_MSG4RECEIVED) {
                    plog(LLV_ERROR, LOCATION, NULL,
                              "status mismatched %d.\n", iph1->status);
                    goto end;
          }

          /* see handler.h about IV synchronization. */
          memcpy(iph1->ivm->iv->v, iph1->ivm->ive->v, iph1->ivm->iv->l);

          iph1->status = PHASE1ST_ESTABLISHED;

          error = 0;

end:
          return error;
}

/*
 * receive from initiator
 *        psk: HDR, SA
 *        sig: HDR, SA
 *        rsa: HDR, SA
 *        rev: HDR, SA
 */
int
ident_r1recv(struct ph1handle *iph1, vchar_t *msg)
{
          vchar_t *pbuf = NULL;
          struct isakmp_parse_t *pa;
          int error = -1;
          int vid_numeric;

          /* validity check */
          if (iph1->status != PHASE1ST_START) {
                    plog(LLV_ERROR, LOCATION, NULL,
                              "status mismatched %d.\n", iph1->status);
                    goto end;
          }

          /* validate the type of next payload */
          /*
           * NOTE: XXX even if multiple VID, we'll silently ignore those.
           */
          pbuf = isakmp_parse(msg);
          if (pbuf == NULL)
                    goto end;
          pa = (struct isakmp_parse_t *)pbuf->v;

          /* check the position of SA payload */
          if (pa->type != ISAKMP_NPTYPE_SA) {
                    plog(LLV_ERROR, LOCATION, iph1->remote,
                              "received invalid next payload type %d, "
                              "expecting %d.\n",
                              pa->type, ISAKMP_NPTYPE_SA);
                    goto end;
          }
          if (isakmp_p2ph(&iph1->sa, pa->ptr) < 0)
                    goto end;
          pa++;

          for (/*nothing*/;
               pa->type != ISAKMP_NPTYPE_NONE;
               pa++) {

                    switch (pa->type) {
                    case ISAKMP_NPTYPE_VID:
                              vid_numeric = handle_vendorid(iph1, pa->ptr);
#ifdef ENABLE_FRAG
                              if ((vid_numeric == VENDORID_FRAG) &&
                                  (vendorid_frag_cap(pa->ptr) & VENDORID_FRAG_IDENT))
                                        iph1->frag = 1;
#endif
                              break;
                    default:
                              /*
                               * We don't send information to the peer even
                               * if we received malformed packet.  Because we
                               * can't distinguish the malformed packet and
                               * the re-sent packet.  And we do same behavior
                               * when we expect encrypted packet.
                               */
                              plog(LLV_ERROR, LOCATION, iph1->remote,
                                        "ignore the packet, "
                                        "received unexpecting payload type %d.\n",
                                        pa->type);
                              goto end;
                    }
          }

#ifdef ENABLE_NATT
          if (NATT_AVAILABLE(iph1))
                    plog(LLV_INFO, LOCATION, iph1->remote,
                         "Selected NAT-T version: %s\n",
                         vid_string_by_id(iph1->natt_options->version));
#endif

          /* check SA payload and set approval SA for use */
          if (ipsecdoi_checkph1proposal(iph1->sa, iph1) < 0) {
                    plog(LLV_ERROR, LOCATION, iph1->remote,
                              "failed to get valid proposal.\n");
                    /* XXX send information */
                    goto end;
          }

          iph1->status = PHASE1ST_MSG1RECEIVED;

          error = 0;

end:
          if (pbuf)
                    vfree(pbuf);
          if (error) {
                    VPTRINIT(iph1->sa);
          }

          return error;
}

/*
 * send to initiator
 *        psk: HDR, SA
 *        sig: HDR, SA
 *        rsa: HDR, SA
 *        rev: HDR, SA
 */
int
ident_r1send(struct ph1handle *iph1, vchar_t *msg)
{
          struct payload_list *plist = NULL;
          int error = -1;
          vchar_t *gss_sa = NULL;
#ifdef HAVE_GSSAPI
          int free_gss_sa = 0;
#endif
#ifdef ENABLE_NATT
          vchar_t *vid_natt = NULL;
#endif
#ifdef ENABLE_HYBRID
        vchar_t *vid_xauth = NULL;
        vchar_t *vid_unity = NULL;
#endif
#ifdef ENABLE_DPD
          vchar_t *vid_dpd = NULL;
#endif
#ifdef ENABLE_FRAG
          vchar_t *vid_frag = NULL;
#endif

          /* validity check */
          if (iph1->status != PHASE1ST_MSG1RECEIVED) {
                    plog(LLV_ERROR, LOCATION, NULL,
                              "status mismatched %d.\n", iph1->status);
                    goto end;
          }

          /* set responder's cookie */
          isakmp_newcookie((caddr_t)&iph1->index.r_ck, iph1->remote, iph1->local);

#ifdef HAVE_GSSAPI
          if (iph1->approval->gssid != NULL) {
                    gss_sa = ipsecdoi_setph1proposal(iph1->rmconf, iph1->approval);
                    if (gss_sa != iph1->sa_ret)
                              free_gss_sa = 1;
          } else
#endif
                    gss_sa = iph1->sa_ret;

          /* set SA payload to reply */
          plist = isakmp_plist_append(plist, gss_sa, ISAKMP_NPTYPE_SA);

#ifdef ENABLE_HYBRID
          if (iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_XAUTH) {
                    plog (LLV_INFO, LOCATION, NULL, "Adding xauth VID payload.\n");
                    if ((vid_xauth = set_vendorid(VENDORID_XAUTH)) == NULL) {
                              plog(LLV_ERROR, LOCATION, NULL,
                                  "Cannot create Xauth vendor ID\n");
                              goto end;
                    }
                    plist = isakmp_plist_append(plist,
                        vid_xauth, ISAKMP_NPTYPE_VID);
          }

          if (iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_UNITY) {
                    if ((vid_unity = set_vendorid(VENDORID_UNITY)) == NULL) {
                              plog(LLV_ERROR, LOCATION, NULL,
                                  "Cannot create Unity vendor ID\n");
                              goto end;
                    }
                    plist = isakmp_plist_append(plist,
                        vid_unity, ISAKMP_NPTYPE_VID);
          }
#endif
#ifdef ENABLE_NATT
          /* Has the peer announced NAT-T? */
          if (NATT_AVAILABLE(iph1))
                    vid_natt = set_vendorid(iph1->natt_options->version);

          if (vid_natt)
                    plist = isakmp_plist_append(plist, vid_natt, ISAKMP_NPTYPE_VID);
#endif
#ifdef ENABLE_DPD
          if (iph1->dpd_support) {
                    vid_dpd = set_vendorid(VENDORID_DPD);
                    if (vid_dpd != NULL)
                              plist = isakmp_plist_append(plist, vid_dpd, ISAKMP_NPTYPE_VID);
          }
#endif
#ifdef ENABLE_FRAG
          if (iph1->frag) {
                    vid_frag = set_vendorid(VENDORID_FRAG);
                    if (vid_frag != NULL)
                              vid_frag = isakmp_frag_addcap(vid_frag,
                                  VENDORID_FRAG_IDENT);
                    if (vid_frag == NULL)
                              plog(LLV_ERROR, LOCATION, NULL,
                                  "Frag vendorID construction failed\n");
                    else
                              plist = isakmp_plist_append(plist,
                                   vid_frag, ISAKMP_NPTYPE_VID);
          }
#endif

          iph1->sendbuf = isakmp_plist_set_all (&plist, iph1);

#ifdef HAVE_PRINT_ISAKMP_C
          isakmp_printpacket(iph1->sendbuf, iph1->local, iph1->remote, 0);
#endif

          /* send the packet, add to the schedule to resend */
          if (isakmp_ph1send(iph1) == -1)
                    goto end;

          /* the sending message is added to the received-list. */
          if (add_recvdpkt(iph1->remote, iph1->local, iph1->sendbuf, msg) == -1) {
                    plog(LLV_ERROR , LOCATION, NULL,
                              "failed to add a response packet to the tree.\n");
                    goto end;
          }

          iph1->status = PHASE1ST_MSG1SENT;

          error = 0;

end:
#ifdef HAVE_GSSAPI
          if (free_gss_sa)
                    vfree(gss_sa);
#endif
#ifdef ENABLE_NATT
          if (vid_natt)
                    vfree(vid_natt);
#endif
#ifdef ENABLE_HYBRID
          if (vid_xauth != NULL)
                    vfree(vid_xauth);
          if (vid_unity != NULL)
                    vfree(vid_unity);
#endif
#ifdef ENABLE_DPD
          if (vid_dpd != NULL)
                    vfree(vid_dpd);
#endif
#ifdef ENABLE_FRAG
          if (vid_frag != NULL)
                    vfree(vid_frag);
#endif

          return error;
}

/*
 * receive from initiator
 *        psk: HDR, KE, Ni
 *        sig: HDR, KE, Ni
 *   gssapi: HDR, KE, Ni, GSSi
 *        rsa: HDR, KE, [ HASH(1), ] <IDi1_b>PubKey_r, <Ni_b>PubKey_r
 *        rev: HDR, [ HASH(1), ] <Ni_b>Pubkey_r, <KE_b>Ke_i,
 *                  <IDi1_b>Ke_i, [<<Cert-I_b>Ke_i]
 */
int
ident_r2recv(struct ph1handle *iph1, vchar_t *msg)
{
          vchar_t *pbuf = NULL;
          struct isakmp_parse_t *pa;
          int error = -1;
#ifdef HAVE_GSSAPI
          vchar_t *gsstoken = NULL;
#endif
#ifdef ENABLE_NATT
          int natd_seq = 0;
#endif

          /* validity check */
          if (iph1->status != PHASE1ST_MSG1SENT) {
                    plog(LLV_ERROR, LOCATION, NULL,
                              "status mismatched %d.\n", iph1->status);
                    goto end;
          }

          /* validate the type of next payload */
          pbuf = isakmp_parse(msg);
          if (pbuf == NULL)
                    goto end;

          for (pa = (struct isakmp_parse_t *)pbuf->v;
               pa->type != ISAKMP_NPTYPE_NONE;
               pa++) {
                    switch (pa->type) {
                    case ISAKMP_NPTYPE_KE:
                              if (isakmp_p2ph(&iph1->dhpub_p, pa->ptr) < 0)
                                        goto end;
                              break;
                    case ISAKMP_NPTYPE_NONCE:
                              if (isakmp_p2ph(&iph1->nonce_p, pa->ptr) < 0)
                                        goto end;
                              break;
                    case ISAKMP_NPTYPE_VID:
                              handle_vendorid(iph1, pa->ptr);
                              break;
                    case ISAKMP_NPTYPE_CR:
                              plog(LLV_WARNING, LOCATION, iph1->remote,
                                        "CR received, ignore it. "
                                        "It should be in other exchange.\n");
                              break;
#ifdef HAVE_GSSAPI
                    case ISAKMP_NPTYPE_GSS:
                              if (isakmp_p2ph(&gsstoken, pa->ptr) < 0)
                                        goto end;
                              gssapi_save_received_token(iph1, gsstoken);
                              break;
#endif

#ifdef ENABLE_NATT
                    case ISAKMP_NPTYPE_NATD_DRAFT:
                    case ISAKMP_NPTYPE_NATD_RFC:
                              if (NATT_AVAILABLE(iph1) && iph1->natt_options != NULL &&
                                        pa->type == iph1->natt_options->payload_nat_d)
                              {
                                        vchar_t *natd_received = NULL;
                                        int natd_verified;

                                        if (isakmp_p2ph (&natd_received, pa->ptr) < 0)
                                                  goto end;

                                        if (natd_seq == 0)
                                                  iph1->natt_flags |= NAT_DETECTED;

                                        natd_verified = natt_compare_addr_hash (iph1,
                                                  natd_received, natd_seq++);

                                        plog (LLV_INFO, LOCATION, NULL, "NAT-D payload #%d %s\n",
                                                  natd_seq - 1,
                                                  natd_verified ? "verified" : "doesn't match");

                                        vfree (natd_received);
                                        break;
                              }
                              /* passthrough to default... */
#endif
                              /*FALLTHROUGH*/
                    default:
                              /* don't send information, see ident_r1recv() */
                              plog(LLV_ERROR, LOCATION, iph1->remote,
                                        "ignore the packet, "
                                        "received unexpecting payload type %d.\n",
                                        pa->type);
                              goto end;
                    }
          }

#ifdef ENABLE_NATT
          if (NATT_AVAILABLE(iph1))
                    plog (LLV_INFO, LOCATION, NULL, "NAT %s %s%s\n",
                          iph1->natt_flags & NAT_DETECTED ?
                                        "detected:" : "not detected",
                          iph1->natt_flags & NAT_DETECTED_ME ? "ME " : "",
                          iph1->natt_flags & NAT_DETECTED_PEER ? "PEER" : "");
#endif

          /* payload existency check */
          if (iph1->dhpub_p == NULL || iph1->nonce_p == NULL) {
                    plog(LLV_ERROR, LOCATION, iph1->remote,
                              "few isakmp message received.\n");
                    goto end;
          }

          iph1->status = PHASE1ST_MSG2RECEIVED;

          error = 0;

end:
          if (pbuf)
                    vfree(pbuf);
#ifdef HAVE_GSSAPI
          if (gsstoken)
                    vfree(gsstoken);
#endif

          if (error) {
                    VPTRINIT(iph1->dhpub_p);
                    VPTRINIT(iph1->nonce_p);
                    VPTRINIT(iph1->id_p);
          }

          return error;
}

/*
 * send to initiator
 *        psk: HDR, KE, Nr
 *        sig: HDR, KE, Nr [, CR ]
 *   gssapi: HDR, KE, Nr, GSSr
 *        rsa: HDR, KE, <IDr1_b>PubKey_i, <Nr_b>PubKey_i
 *        rev: HDR, <Nr_b>PubKey_i, <KE_b>Ke_r, <IDr1_b>Ke_r,
 */
int
ident_r2send(struct ph1handle *iph1, vchar_t *msg)
{
          int error = -1;

          /* validity check */
          if (iph1->status != PHASE1ST_MSG2RECEIVED) {
                    plog(LLV_ERROR, LOCATION, NULL,
                              "status mismatched %d.\n", iph1->status);
                    goto end;
          }

          /* generate DH public value */
          if (oakley_dh_generate(iph1->approval->dhgrp,
                                        &iph1->dhpub, &iph1->dhpriv) < 0)
                    goto end;

          /* generate NONCE value */
          iph1->nonce = eay_set_random(RMCONF_NONCE_SIZE(iph1->rmconf));
          if (iph1->nonce == NULL)
                    goto end;

#ifdef HAVE_GSSAPI
          if (iph1->approval->authmethod == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB)
                    gssapi_get_rtoken(iph1, NULL);
#endif

          /* create HDR;KE;NONCE payload */
          iph1->sendbuf = ident_ir2mx(iph1);
          if (iph1->sendbuf == NULL)
                    goto end;

#ifdef HAVE_PRINT_ISAKMP_C
          isakmp_printpacket(iph1->sendbuf, iph1->local, iph1->remote, 0);
#endif

          /* send the packet, add to the schedule to resend */
          if (isakmp_ph1send(iph1) == -1)
                    goto end;

          /* the sending message is added to the received-list. */
          if (add_recvdpkt(iph1->remote, iph1->local, iph1->sendbuf, msg) == -1) {
                    plog(LLV_ERROR , LOCATION, NULL,
                              "failed to add a response packet to the tree.\n");
                    goto end;
          }

          /* compute sharing secret of DH */
          if (oakley_dh_compute(iph1->approval->dhgrp, iph1->dhpub,
                                        iph1->dhpriv, iph1->dhpub_p, &iph1->dhgxy) < 0)
                    goto end;

          /* generate SKEYIDs & IV & final cipher key */
          if (oakley_skeyid(iph1) < 0)
                    goto end;
          if (oakley_skeyid_dae(iph1) < 0)
                    goto end;
          if (oakley_compute_enckey(iph1) < 0)
                    goto end;
          if (oakley_newiv(iph1) < 0)
                    goto end;

          iph1->status = PHASE1ST_MSG2SENT;

          error = 0;

end:
          return error;
}

/*
 * receive from initiator
 *        psk: HDR*, IDi1, HASH_I
 *        sig: HDR*, IDi1, [ CR, ] [ CERT, ] SIG_I
 *   gssapi: HDR*, [ IDi1, ] < GSSi(n) | HASH_I >
 *        rsa: HDR*, HASH_I
 *        rev: HDR*, HASH_I
 */
int
ident_r3recv(struct ph1handle *iph1, vchar_t *msg0)
{
          vchar_t *msg = NULL;
          vchar_t *pbuf = NULL;
          struct isakmp_parse_t *pa;
          int error = -1;
          int type;
#ifdef HAVE_GSSAPI
          vchar_t *gsstoken = NULL;
#endif

          /* validity check */
          if (iph1->status != PHASE1ST_MSG2SENT) {
                    plog(LLV_ERROR, LOCATION, NULL,
                              "status mismatched %d.\n", iph1->status);
                    goto end;
          }

          /* decrypting */
          if (!ISSET(((struct isakmp *)msg0->v)->flags, ISAKMP_FLAG_E)) {
                    plog(LLV_ERROR, LOCATION, iph1->remote,
                              "reject the packet, "
                              "expecting the packet encrypted.\n");
                    goto end;
          }
          msg = oakley_do_decrypt(iph1, msg0, iph1->ivm->iv, iph1->ivm->ive);
          if (msg == NULL)
                    goto end;

          /* validate the type of next payload */
          pbuf = isakmp_parse(msg);
          if (pbuf == NULL)
                    goto end;

          iph1->pl_hash = NULL;

          for (pa = (struct isakmp_parse_t *)pbuf->v;
               pa->type != ISAKMP_NPTYPE_NONE;
               pa++) {

                    switch (pa->type) {
                    case ISAKMP_NPTYPE_ID:
                              if (isakmp_p2ph(&iph1->id_p, pa->ptr) < 0)
                                        goto end;
                              if (resolveph1rmconf(iph1) < 0)
                                        goto end;
                              break;
                    case ISAKMP_NPTYPE_HASH:
                              iph1->pl_hash = (struct isakmp_pl_hash *)pa->ptr;
                              break;
                    case ISAKMP_NPTYPE_CR:
                              if (oakley_savecr(iph1, pa->ptr) < 0)
                                        goto end;
                              break;
                    case ISAKMP_NPTYPE_CERT:
                              if (oakley_savecert(iph1, pa->ptr) < 0)
                                        goto end;
                              break;
                    case ISAKMP_NPTYPE_SIG:
                              if (isakmp_p2ph(&iph1->sig_p, pa->ptr) < 0)
                                        goto end;
                              break;
#ifdef HAVE_GSSAPI
                    case ISAKMP_NPTYPE_GSS:
                              if (isakmp_p2ph(&gsstoken, pa->ptr) < 0)
                                        goto end;
                              gssapi_save_received_token(iph1, gsstoken);
                              break;
#endif
                    case ISAKMP_NPTYPE_VID:
                              handle_vendorid(iph1, pa->ptr);
                              break;
                    case ISAKMP_NPTYPE_N:
                              ident_recv_n(iph1, pa->ptr);
                              break;
                    default:
                              /* don't send information, see ident_r1recv() */
                              plog(LLV_ERROR, LOCATION, iph1->remote,
                                        "ignore the packet, "
                                        "received unexpecting payload type %d.\n",
                                        pa->type);
                              goto end;
                    }
          }

          /* payload existency check */
          /* XXX same as ident_i4recv(), should be merged. */
    {
          int ng = 0;

          switch (iph1->approval->authmethod) {
          case OAKLEY_ATTR_AUTH_METHOD_PSKEY:
#ifdef ENABLE_HYBRID
          case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R:
          case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R:
          case OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_R:
#endif
                    if (iph1->id_p == NULL || iph1->pl_hash == NULL)
                              ng++;
                    break;
          case OAKLEY_ATTR_AUTH_METHOD_DSSSIG:
          case OAKLEY_ATTR_AUTH_METHOD_RSASIG:
#ifdef ENABLE_HYBRID
          case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R:
          case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_R:
#endif
                    if (iph1->id_p == NULL || iph1->sig_p == NULL)
                              ng++;
                    break;
          case OAKLEY_ATTR_AUTH_METHOD_RSAENC:
          case OAKLEY_ATTR_AUTH_METHOD_RSAREV:
#ifdef ENABLE_HYBRID
          case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_R:
          case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_R:
#endif
                    if (iph1->pl_hash == NULL)
                              ng++;
                    break;
#ifdef HAVE_GSSAPI
          case OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB:
                    if (gsstoken == NULL && iph1->pl_hash == NULL)
                              ng++;
                    break;
#endif
          default:
                    plog(LLV_ERROR, LOCATION, iph1->remote,
                              "invalid authmethod %d why ?\n",
                              iph1->approval->authmethod);
                    goto end;
          }
          if (ng) {
                    plog(LLV_ERROR, LOCATION, iph1->remote,
                              "few isakmp message received.\n");
                    goto end;
          }
    }

          /* verify identifier */
          if (ipsecdoi_checkid1(iph1) != 0) {
                    plog(LLV_ERROR, LOCATION, iph1->remote,
                              "invalid ID payload.\n");
                    goto end;
          }

          /* validate authentication value */
#ifdef HAVE_GSSAPI
          if (gsstoken == NULL) {
#endif
                    type = oakley_validate_auth(iph1);
                    if (type != 0) {
                              if (type == -1) {
                                        /* msg printed inner oakley_validate_auth() */
                                        goto end;
                              }
                              evt_phase1(iph1, EVT_PHASE1_AUTH_FAILED, NULL);
                              isakmp_info_send_n1(iph1, type, NULL);
                              goto end;
                    }
#ifdef HAVE_GSSAPI
          }
#endif

          if (oakley_checkcr(iph1) < 0) {
                    /* Ignore this error in order to be interoperability. */
                    ;
          }

          /*
           * XXX: Should we do compare two addresses, ph1handle's and ID
           * payload's.
           */

          plog(LLV_DEBUG, LOCATION, iph1->remote, "peer's ID\n");
          plogdump(LLV_DEBUG, iph1->id_p->v, iph1->id_p->l);

          /* see handler.h about IV synchronization. */
          memcpy(iph1->ivm->iv->v, iph1->ivm->ive->v, iph1->ivm->ive->l);

#ifdef HAVE_GSSAPI
          iph1->status = gsstoken != NULL ? PHASE1ST_MSG2RECEIVED :
              PHASE1ST_MSG3RECEIVED;
#else
          iph1->status = PHASE1ST_MSG3RECEIVED;
#endif

          error = 0;

end:
          if (pbuf)
                    vfree(pbuf);
          if (msg)
                    vfree(msg);
#ifdef HAVE_GSSAPI
          if (gsstoken)
                    vfree(gsstoken);
#endif

          if (error) {
                    VPTRINIT(iph1->id_p);
                    VPTRINIT(iph1->cert_p);
                    VPTRINIT(iph1->crl_p);
                    VPTRINIT(iph1->sig_p);
                    VPTRINIT(iph1->cr_p);
          }

          return error;
}

/*
 * send to initiator
 *        psk: HDR*, IDr1, HASH_R
 *        sig: HDR*, IDr1, [ CERT, ] SIG_R
 *   gssapi: HDR*, IDr1, < GSSr(n) | HASH_R >
 *        rsa: HDR*, HASH_R
 *        rev: HDR*, HASH_R
 */
int
ident_r3send(struct ph1handle *iph1, vchar_t *msg)
{
          int error = -1;
          int dohash = 1;
#ifdef HAVE_GSSAPI
          int len;
#endif

          /* validity check */
          if (iph1->status != PHASE1ST_MSG3RECEIVED) {
                    plog(LLV_ERROR, LOCATION, NULL,
                              "status mismatched %d.\n", iph1->status);
                    goto end;
          }

          /* make ID payload into isakmp status */
          if (ipsecdoi_setid1(iph1) < 0)
                    goto end;

#ifdef HAVE_GSSAPI
          if (iph1->approval->authmethod == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB &&
              gssapi_more_tokens(iph1)) {
                    gssapi_get_rtoken(iph1, &len);
                    if (len != 0)
                              dohash = 0;
          }
#endif

          if (dohash) {
                    /* generate HASH to send */
                    plog(LLV_DEBUG, LOCATION, NULL, "generate HASH_R\n");
                    iph1->hash = oakley_ph1hash_common(iph1, GENERATE);
                    if (iph1->hash == NULL)
                              goto end;
          } else
                    iph1->hash = NULL;

          /* set encryption flag */
          iph1->flags |= ISAKMP_FLAG_E;

          /* create HDR;ID;HASH payload */
          iph1->sendbuf = ident_ir3mx(iph1);
          if (iph1->sendbuf == NULL)
                    goto end;

          /* send HDR;ID;HASH to responder */
          if (isakmp_send(iph1, iph1->sendbuf) < 0)
                    goto end;

          /* the sending message is added to the received-list. */
          if (add_recvdpkt(iph1->remote, iph1->local, iph1->sendbuf, msg) == -1) {
                    plog(LLV_ERROR , LOCATION, NULL,
                              "failed to add a response packet to the tree.\n");
                    goto end;
          }

          /* see handler.h about IV synchronization. */
          memcpy(iph1->ivm->ive->v, iph1->ivm->iv->v, iph1->ivm->iv->l);

          iph1->status = PHASE1ST_ESTABLISHED;

          error = 0;

end:

          return error;
}

/*
 * This is used in main mode for:
 * initiator's 3rd exchange send to responder
 *        psk: HDR, KE, Ni
 *        sig: HDR, KE, Ni
 *        rsa: HDR, KE, [ HASH(1), ] <IDi1_b>PubKey_r, <Ni_b>PubKey_r
 *        rev: HDR, [ HASH(1), ] <Ni_b>Pubkey_r, <KE_b>Ke_i,
 *                  <IDi1_b>Ke_i, [<<Cert-I_b>Ke_i]
 * responders 2nd exchnage send to initiator
 *        psk: HDR, KE, Nr
 *        sig: HDR, KE, Nr [, CR ]
 *        rsa: HDR, KE, <IDr1_b>PubKey_i, <Nr_b>PubKey_i
 *        rev: HDR, <Nr_b>PubKey_i, <KE_b>Ke_r, <IDr1_b>Ke_r,
 */
static vchar_t *
ident_ir2mx(struct ph1handle *iph1)
{
          vchar_t *buf = 0;
          struct payload_list *plist = NULL;
          vchar_t *vid = NULL;
          int error = -1;
#ifdef HAVE_GSSAPI
          vchar_t *gsstoken = NULL;
#endif
#ifdef ENABLE_NATT
          vchar_t *natd[2] = { NULL, NULL };
#endif

#ifdef HAVE_GSSAPI
          if (iph1->approval->authmethod == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB) {
                    if (gssapi_get_token_to_send(iph1, &gsstoken) < 0) {
                              plog(LLV_ERROR, LOCATION, NULL,
                                   "Failed to get gssapi token.\n");
                              goto end;
                    }
          }
#endif

          /* create isakmp KE payload */
          plist = isakmp_plist_append(plist, iph1->dhpub, ISAKMP_NPTYPE_KE);

          /* create isakmp NONCE payload */
          plist = isakmp_plist_append(plist, iph1->nonce, ISAKMP_NPTYPE_NONCE);

#ifdef HAVE_GSSAPI
          if (iph1->approval->authmethod == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB)
                    plist = isakmp_plist_append(plist, gsstoken, ISAKMP_NPTYPE_GSS);
#endif

          /* append vendor id, if needed */
          if (vid)
                    plist = isakmp_plist_append(plist, vid, ISAKMP_NPTYPE_VID);

          /* create CR if need */
          if (iph1->side == RESPONDER &&
              oakley_needcr(iph1->approval->authmethod))
                    plist = oakley_append_cr(plist, iph1);

#ifdef ENABLE_NATT
          /* generate and append NAT-D payloads */
          if (NATT_AVAILABLE(iph1) && iph1->status == PHASE1ST_MSG2RECEIVED)
          {
                    if ((natd[0] = natt_hash_addr (iph1, iph1->remote)) == NULL) {
                              plog(LLV_ERROR, LOCATION, NULL,
                                        "NAT-D hashing failed for %s\n", saddr2str(iph1->remote));
                              goto end;
                    }

                    if ((natd[1] = natt_hash_addr (iph1, iph1->local)) == NULL) {
                              plog(LLV_ERROR, LOCATION, NULL,
                                        "NAT-D hashing failed for %s\n", saddr2str(iph1->local));
                              goto end;
                    }

                    plog (LLV_INFO, LOCATION, NULL, "Adding remote and local NAT-D payloads.\n");
                    plist = isakmp_plist_append(plist, natd[0], iph1->natt_options->payload_nat_d);
                    plist = isakmp_plist_append(plist, natd[1], iph1->natt_options->payload_nat_d);
          }
#endif

          buf = isakmp_plist_set_all (&plist, iph1);

          error = 0;

end:
          if (error && buf != NULL) {
                    vfree(buf);
                    buf = NULL;
          }
#ifdef HAVE_GSSAPI
          if (gsstoken)
                    vfree(gsstoken);
#endif
          if (vid)
                    vfree(vid);

#ifdef ENABLE_NATT
          if (natd[0])
                    vfree(natd[0]);
          if (natd[1])
                    vfree(natd[1]);
#endif

          return buf;
}

/*
 * This is used in main mode for:
 * initiator's 4th exchange send to responder
 *        psk: HDR*, IDi1, HASH_I
 *        sig: HDR*, IDi1, [ CR, ] [ CERT, ] SIG_I
 *   gssapi: HDR*, [ IDi1, ] < GSSi(n) | HASH_I >
 *        rsa: HDR*, HASH_I
 *        rev: HDR*, HASH_I
 * responders 3rd exchnage send to initiator
 *        psk: HDR*, IDr1, HASH_R
 *        sig: HDR*, IDr1, [ CERT, ] SIG_R
 *   gssapi: HDR*, [ IDr1, ] < GSSr(n) | HASH_R >
 *        rsa: HDR*, HASH_R
 *        rev: HDR*, HASH_R
 */
static vchar_t *
ident_ir3mx(struct ph1handle *iph1)
{
          struct payload_list *plist = NULL;
          vchar_t *buf = NULL, *new = NULL;
          int need_cert = 0;
          int error = -1;
#ifdef HAVE_GSSAPI
          vchar_t *gsstoken = NULL;
          vchar_t *gsshash = NULL;
#endif

          switch (iph1->approval->authmethod) {
          case OAKLEY_ATTR_AUTH_METHOD_PSKEY:
#ifdef ENABLE_HYBRID
          case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_I:
          case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R:
          case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I:
          case OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_I:
#endif
                    /* create isakmp ID payload */
                    plist = isakmp_plist_append(plist, iph1->id, ISAKMP_NPTYPE_ID);

                    /* create isakmp HASH payload */
                    plist = isakmp_plist_append(plist, iph1->hash, ISAKMP_NPTYPE_HASH);
                    break;
          case OAKLEY_ATTR_AUTH_METHOD_DSSSIG:
          case OAKLEY_ATTR_AUTH_METHOD_RSASIG:
#ifdef ENABLE_HYBRID
          case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R:
          case OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_R:
          case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I:
          case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R:
          case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_I:
          case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_R:
#endif
                    if (oakley_getmycert(iph1) < 0)
                              goto end;

                    if (oakley_getsign(iph1) < 0)
                              goto end;

                    if (iph1->cert != NULL && iph1->rmconf->send_cert)
                              need_cert = 1;

                    /* add ID payload */
                    plist = isakmp_plist_append(plist, iph1->id, ISAKMP_NPTYPE_ID);

                    /* add CERT payload if there */
                    if (need_cert)
                              plist = isakmp_plist_append(plist, iph1->cert,
                                                                ISAKMP_NPTYPE_CERT);
                    /* add SIG payload */
                    plist = isakmp_plist_append(plist, iph1->sig, ISAKMP_NPTYPE_SIG);

                    /* create isakmp CR payload */
                    if (iph1->side == INITIATOR &&
                        oakley_needcr(iph1->approval->authmethod))
                              plist = oakley_append_cr(plist, iph1);
                    break;
#ifdef HAVE_GSSAPI
          case OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB:
                    if (iph1->hash != NULL) {
                              gsshash = gssapi_wraphash(iph1);
                              if (gsshash == NULL)
                                        goto end;
                    } else {
                              if (gssapi_get_token_to_send(iph1, &gsstoken) < 0) {
                                        plog(LLV_ERROR, LOCATION, NULL,
                                                  "Failed to get gssapi token.\n");
                                        goto end;
                              }
                    }

                    if (!gssapi_id_sent(iph1)) {
                              /* create isakmp ID payload */
                              plist = isakmp_plist_append(plist, iph1->id, ISAKMP_NPTYPE_ID);
                              gssapi_set_id_sent(iph1);
                    }

                    if (iph1->hash != NULL)
                              /* create isakmp HASH payload */
                              plist = isakmp_plist_append(plist, gsshash, ISAKMP_NPTYPE_HASH);
                    else
                              plist = isakmp_plist_append(plist, gsstoken, ISAKMP_NPTYPE_GSS);
                    break;
#endif
          case OAKLEY_ATTR_AUTH_METHOD_RSAENC:
          case OAKLEY_ATTR_AUTH_METHOD_RSAREV:
#ifdef ENABLE_HYBRID
          case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_I:
          case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_R:
          case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_I:
          case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_R:
#endif
                    plog(LLV_ERROR, LOCATION, NULL,
                              "not supported authentication type %d\n",
                              iph1->approval->authmethod);
                    goto end;
          default:
                    plog(LLV_ERROR, LOCATION, NULL,
                              "invalid authentication type %d\n",
                              iph1->approval->authmethod);
                    goto end;
          }

          buf = isakmp_plist_set_all (&plist, iph1);

#ifdef HAVE_PRINT_ISAKMP_C
          isakmp_printpacket(buf, iph1->local, iph1->remote, 1);
#endif

          /* encoding */
          new = oakley_do_encrypt(iph1, buf, iph1->ivm->ive, iph1->ivm->iv);
          if (new == NULL)
                    goto end;

          vfree(buf);

          buf = new;

          error = 0;

end:
#ifdef HAVE_GSSAPI
          if (gsstoken)
                    vfree(gsstoken);
#endif
          if (error && buf != NULL) {
                    vfree(buf);
                    buf = NULL;
          }

          return buf;
}

/*
 * handle a notification payload inside identity exchange.
 * called only when the packet has been verified to be encrypted.
 */
static int
ident_recv_n(struct ph1handle *iph1, struct isakmp_gen *gen)
{
          struct isakmp_pl_n *notify = (struct isakmp_pl_n *) gen;
          u_int type;

          type = ntohs(notify->type);
          switch (type) {
          case ISAKMP_NTYPE_INITIAL_CONTACT:
                    iph1->initial_contact_received = TRUE;
                    break;
          default:
                    isakmp_log_notify(iph1, notify, "identity exchange");
                    break;
          }
          return 0;
}