projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
current state
[strongswan.git] / Source / charon / ike_sa.c
1 /**
2 * @file ike_sa.c
3 *
4 * @brief Class ike_sa_t. An object of this type is managed by an
5 * ike_sa_manager_t object and represents an IKE_SA
6 *
7 */
8
9 /*
10 * Copyright (C) 2005 Jan Hutter, Martin Willi
11 * Hochschule fuer Technik Rapperswil
12 *
13 * This program is free software; you can redistribute it and/or modify it
14 * under the terms of the GNU General Public License as published by the
15 * Free Software Foundation; either version 2 of the License, or (at your
16 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 *
18 * This program is distributed in the hope that it will be useful, but
19 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
20 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 * for more details.
22 */
23
24 #include "ike_sa.h"
25
26 #include "types.h"
27 #include "globals.h"
28 #include "definitions.h"
29 #include "utils/allocator.h"
30 #include "utils/linked_list.h"
31 #include "utils/logger_manager.h"
32 #include "utils/randomizer.h"
33 #include "transforms/diffie_hellman.h"
34 #include "payloads/sa_payload.h"
35 #include "payloads/nonce_payload.h"
36 #include "payloads/ke_payload.h"
37 #include "payloads/transform_substructure.h"
38 #include "payloads/transform_attribute.h"
39 #include "states/initiator_init.h"
40 #include "states/responder_init.h"
41
42
43
44
45 /**
46 * @brief implements function process_message of protected_ike_sa_t
47 */
48 static status_t process_message (protected_ike_sa_t *this, message_t *message)
49 {
50 u_int32_t message_id;
51 exchange_type_t exchange_type;
52 bool is_request;
53 status_t status;
54 state_t *new_state;
55
56 /* we must process each request or response from remote host */
57
58 /* find out type of message (request or response) */
59 is_request = message->get_request(message);
60 exchange_type = message->get_exchange_type(message);
61
62 this->logger->log(this->logger, CONTROL|MORE, "Process %s message of exchange type %s",(is_request) ? "REQUEST" : "RESPONSE",mapping_find(exchange_type_m,exchange_type));
63
64 message_id = message->get_message_id(message);
65
66 /*
67 * It has to be checked, if the message has to be resent cause of lost packets!
68 */
69 if (is_request && ( message_id == (this->message_id_in - 1)))
70 {
71 /* message can be resent ! */
72 this->logger->log(this->logger, CONTROL|MORE, "Resent message detected. Send stored reply");
73 return (this->resend_last_reply(this));
74 }
75
76 /* Now, the message id is checked for request AND reply */
77 if (is_request)
78 {
79 /* In a request, the message has to be this->message_id_in (other case is already handled) */
80 if (message_id != this->message_id_in)
81 {
82 this->logger->log(this->logger, ERROR | MORE, "Message request with message id %d received, but %d expected",message_id,this->message_id_in);
83 return FAILED;
84 }
85 }
86 else
87 {
88 /* In a reply, the message has to be this->message_id_out -1 cause it is the reply to the last sent message*/
89 if (message_id != (this->message_id_out - 1))
90 {
91 this->logger->log(this->logger, ERROR | MORE, "Message reply with message id %d received, but %d expected",message_id,this->message_id_in);
92 return FAILED;
93 }
94 }
95
96 /* now the message is processed by the current state object */
97 status = this->current_state->process_message(this->current_state,message,&new_state);
98 if (status == SUCCESS)
99 {
100 this->current_state = new_state;
101 }
102 return status;
103 }
104
105 /**
106 * @brief Implements function build_message of protected_ike_sa_t.
107 */
108 static status_t build_message(protected_ike_sa_t *this, exchange_type_t type, bool request, message_t **message)
109 {
110 status_t status;
111 message_t *new_message;
112 host_t *source, *destination;
113
114 this ->logger->log(this->logger, CONTROL|MORE, "build empty message");
115 new_message = message_create();
116 if (new_message == NULL)
117 {
118 this->logger->log(this->logger, ERROR, "Fatal error: could not create empty message object");
119 return OUT_OF_RES;
120 }
121
122 status = this->me.host->clone(this->me.host, &source);
123 if (status != SUCCESS)
124 {
125 this->logger->log(this->logger, ERROR, "Fatal error: could not clone my host information");
126 new_message->destroy(new_message);
127 return status;
128 }
129 status = this->other.host->clone(this->other.host, &destination);
130 if (status != SUCCESS)
131 {
132 this->logger->log(this->logger, ERROR, "Fatal error: could not clone other host information");
133 source->destroy(source);
134 new_message->destroy(new_message);
135 return status;
136 }
137
138 new_message->set_source(new_message, source);
139 new_message->set_destination(new_message, destination);
140
141 new_message->set_exchange_type(new_message, type);
142 new_message->set_request(new_message, request);
143
144 new_message->set_message_id(new_message, (request) ? this->message_id_out : this->message_id_in);
145
146 status = new_message->set_ike_sa_id(new_message, this->ike_sa_id);
147 if (status != SUCCESS)
148 {
149 this->logger->log(this->logger, ERROR, "Fatal error: could not set ike_sa_id of message");
150 new_message->destroy(new_message);
151 return status;
152 }
153
154 *message = new_message;
155
156 return SUCCESS;
157 }
158
159 /**
160 * @brief implements function process_configuration of protected_ike_sa_t
161 */
162 static status_t initialize_connection(protected_ike_sa_t *this, char *name)
163 {
164 /* work is done in state object of type INITIATOR_INIT */
165 initiator_init_t *current_state;
166 status_t status;
167 state_t *new_state;
168
169 if (this->current_state->get_state(this->current_state) != INITIATOR_INIT)
170 {
171 return FAILED;
172 }
173
174 current_state = (initiator_init_t *) this->current_state;
175
176 status = current_state->initiate_connection(current_state,name,&new_state);
177
178 if (status == SUCCESS)
179 {
180 this->current_state = new_state;
181 }
182 else
183 {
184 this->create_delete_job(this);
185 }
186 return status;
187 }
188
189 /**
190 * @brief implements function protected_ike_sa_t.get_id
191 */
192 static ike_sa_id_t* get_id(protected_ike_sa_t *this)
193 {
194 return this->ike_sa_id;
195 }
196
197 /**
198 * @brief implements function resend_last_reply of protected_ike_sa_t
199 */
200 status_t resend_last_reply (protected_ike_sa_t *this)
201 {
202 packet_t *packet;
203 status_t status;
204
205 status = this->last_responded_message->generate(this->last_responded_message, &packet);
206 if (status != SUCCESS)
207 {
208 this->logger->log(this->logger, ERROR, "Could not generate message to resent");
209 return status;
210 }
211
212 status = global_send_queue->add(global_send_queue, packet);
213 if (status != SUCCESS)
214 {
215 this->logger->log(this->logger, ERROR, "Could not add packet to send queue");
216 packet->destroy(packet);
217 return status;
218 }
219 return SUCCESS;
220 }
221
222 status_t create_delete_job (protected_ike_sa_t *this)
223 {
224 job_t *delete_job;
225 status_t status;
226
227 this->logger->log(this->logger, CONTROL | MORE, "Going to create job to delete this IKE_SA");
228
229 delete_job = (job_t *) delete_ike_sa_job_create(this->ike_sa_id);
230 if (delete_job == NULL)
231 {
232 this->logger->log(this->logger, ERROR, "Job to delete IKE SA could not be created");
233 return FAILED;
234 }
235
236 status = global_job_queue->add(global_job_queue,delete_job);
237 if (status != SUCCESS)
238 {
239 this->logger->log(this->logger, ERROR, "%s Job to delete IKE SA could not be added to job queue",mapping_find(status_m,status));
240 delete_job->destroy_all(delete_job);
241 return status;
242 }
243 return SUCCESS;
244 }
245
246 /**
247 * @brief implements function destroy of protected_ike_sa_t
248 */
249 static status_t destroy (protected_ike_sa_t *this)
250 {
251
252 this->logger->log(this->logger, CONTROL | MORE, "Going to destroy IKE_SA");
253
254 /* destroy child sa's */
255 this->logger->log(this->logger, CONTROL | MOST, "Destroy all child_sa's");
256 while (this->child_sas->get_count(this->child_sas) > 0)
257 {
258 void *child_sa;
259 if (this->child_sas->remove_first(this->child_sas,&child_sa) != SUCCESS)
260 {
261 break;
262 }
263 /* destroy child sa */
264 }
265 this->child_sas->destroy(this->child_sas);
266
267 /* destroy ike_sa_id */
268 this->logger->log(this->logger, CONTROL | MOST, "Destroy assigned ike_sa_id");
269 this->ike_sa_id->destroy(this->ike_sa_id);
270
271 /* destroy stored requested message */
272 if (this->last_requested_message != NULL)
273 {
274 this->logger->log(this->logger, CONTROL | MOST, "Destroy last requested message");
275 this->last_requested_message->destroy(this->last_requested_message);
276 }
277
278 /* destroy stored responded messages */
279 if (this->last_responded_message != NULL)
280 {
281 this->logger->log(this->logger, CONTROL | MOST, "Destroy last responded message");
282 this->last_responded_message->destroy(this->last_responded_message);
283 }
284
285 this->logger->log(this->logger, CONTROL | MOST, "Destroy randomizer");
286 this->randomizer->destroy(this->randomizer);
287
288 // if (this->me.host != NULL)
289 // {
290 // this->logger->log(this->logger, CONTROL | MOST, "Destroy host informations of me");
291 // this->me.host->destroy(this->me.host);
292 // }
293 //
294 // if (this->other.host != NULL)
295 // {
296 // this->logger->log(this->logger, CONTROL | MOST, "Destroy host informations of other");
297 // this->other.host->destroy(this->other.host);
298 // }
299 //
300 // this->logger->log(this->logger, CONTROL | MOST, "Destroy current state object");
301 // this->current_state->destroy(this->current_state);
302 //
303 // this->logger->log(this->logger, CONTROL | MOST, "Destroy logger of IKE_SA");
304 // global_logger_manager->destroy_logger(global_logger_manager, this->logger);
305 //
306 // allocator_free(this);
307 return SUCCESS;
308 }
309
310 /*
311 * Described in Header
312 */
313 ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
314 {
315 protected_ike_sa_t *this = allocator_alloc_thing(protected_ike_sa_t);
316 if (this == NULL)
317 {
318 return NULL;
319 }
320
321 /* Public functions */
322 this->public.process_message = (status_t(*)(ike_sa_t*, message_t*)) process_message;
323 this->public.initialize_connection = (status_t(*)(ike_sa_t*, char*)) initialize_connection;
324 this->public.get_id = (ike_sa_id_t*(*)(ike_sa_t*)) get_id;
325 this->public.destroy = (status_t(*)(ike_sa_t*))destroy;
326
327 /* private functions */
328 this->build_message = build_message;
329 this->resend_last_reply = resend_last_reply;
330 this->create_delete_job = create_delete_job;
331
332 /* initialize private fields */
333 this->logger = global_logger_manager->create_logger(global_logger_manager, IKE_SA, NULL);
334 if (this->logger == NULL)
335 {
336 allocator_free(this);
337 }
338
339 if (ike_sa_id->clone(ike_sa_id,&(this->ike_sa_id)) != SUCCESS)
340 {
341 this->logger->log(this->logger, ERROR, "Fatal error: Could not clone ike_sa_id");
342 global_logger_manager->destroy_logger(global_logger_manager,this->logger);
343 allocator_free(this);
344 return NULL;
345 }
346 this->child_sas = linked_list_create();
347 if (this->child_sas == NULL)
348 {
349 this->logger->log(this->logger, ERROR, "Fatal error: Could not create list for child_sa's");
350 this->ike_sa_id->destroy(this->ike_sa_id);
351 global_logger_manager->destroy_logger(global_logger_manager,this->logger);
352 allocator_free(this);
353 return NULL;
354 }
355 this->randomizer = randomizer_create();
356 if (this->randomizer == NULL)
357 {
358 this->logger->log(this->logger, ERROR, "Fatal error: Could not create list for child_sa's");
359 this->child_sas->destroy(this->child_sas);
360 this->ike_sa_id->destroy(this->ike_sa_id);
361 global_logger_manager->destroy_logger(global_logger_manager,this->logger);
362 allocator_free(this);
363 }
364
365 this->me.host = NULL;
366 this->other.host = NULL;
367 this->last_requested_message = NULL;
368 this->last_responded_message = NULL;
369 this->message_id_out = 0;
370 this->message_id_in = 0;
371
372
373 /* at creation time, IKE_SA is in a initiator state */
374 if (ike_sa_id->is_initiator(ike_sa_id))
375 {
376 this->current_state = (state_t *) initiator_init_create(this);
377 }
378 else
379 {
380 this->current_state = (state_t *) responder_init_create(this);
381 }
382
383
384 return (&this->public);
385 }
strongSwan - IPsec VPN