4 * @brief Implementation of ike_sa_t.
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
27 #include <definitions.h>
28 #include <utils/allocator.h>
29 #include <utils/linked_list.h>
30 #include <utils/logger_manager.h>
31 #include <utils/randomizer.h>
32 #include <transforms/diffie_hellman.h>
33 #include <transforms/prf_plus.h>
34 #include <transforms/crypters/crypter.h>
35 #include <encoding/payloads/sa_payload.h>
36 #include <encoding/payloads/nonce_payload.h>
37 #include <encoding/payloads/ke_payload.h>
38 #include <encoding/payloads/transform_substructure.h>
39 #include <encoding/payloads/transform_attribute.h>
40 #include <sa/states/initiator_init.h>
41 #include <sa/states/responder_init.h>
42 #include <queues/jobs/delete_ike_sa_job.h>
47 typedef struct private_ike_sa_t private_ike_sa_t
;
50 * Private data of an ike_sa_t object.
52 struct private_ike_sa_t
{
55 * Protected part of a ike_sa_t object.
57 protected_ike_sa_t
protected;
60 * Creates a job to delete the given IKE_SA.
62 * @param this calling object
64 status_t (*create_delete_job
) (private_ike_sa_t
*this);
67 * Resends the last sent reply.
69 * @param this calling object
71 status_t (*resend_last_reply
) (private_ike_sa_t
*this);
76 * Identifier for the current IKE_SA
78 ike_sa_id_t
*ike_sa_id
;
81 * Linked List containing the child sa's of the current IKE_SA
83 linked_list_t
*child_sas
;
88 init_config_t
*init_config
;
93 sa_config_t
*sa_config
;
96 * Current state of the IKE_SA
98 state_t
*current_state
;
101 * this SA's source for random data
103 randomizer_t
*randomizer
;
106 * contains the last responded message
109 message_t
*last_responded_message
;
112 * contains the last requested message
115 message_t
*last_requested_message
;
118 * Informations of this host
125 * Informations of the other host
132 * Crypter object for initiator
134 crypter_t
*crypter_initiator
;
137 * Crypter object for responder
139 crypter_t
*crypter_responder
;
142 * Signer object for initiator
144 signer_t
*signer_initiator
;
147 * Signer object for responder
149 signer_t
*signer_responder
;
163 * Key used for deriving other keys
168 * Key for authenticate (initiator)
173 * Key for authenticate (responder)
178 * Key for encryption (initiator)
183 * Key for encryption (responder)
188 * Key for generating auth payload (initiator)
193 * Key for generating auth payload (responder)
200 * next message id to receive
202 u_int32_t message_id_in
;
205 * next message id to send
207 u_int32_t message_id_out
;
210 * a logger for this IKE_SA
217 * Implements protected_ike_sa_t.process_message.
219 static status_t
process_message (private_ike_sa_t
*this, message_t
*message
)
221 u_int32_t message_id
;
222 exchange_type_t exchange_type
;
225 /* we must process each request or response from remote host */
227 /* find out type of message (request or response) */
228 is_request
= message
->get_request(message
);
229 exchange_type
= message
->get_exchange_type(message
);
231 this->logger
->log(this->logger
, CONTROL
, "Process %s message of exchange type %s",(is_request
) ?
"REQUEST" : "RESPONSE",mapping_find(exchange_type_m
,exchange_type
));
233 message_id
= message
->get_message_id(message
);
236 * It has to be checked, if the message has to be resent cause of lost packets!
238 if (is_request
&& (message_id
== (this->message_id_in
- 1)))
240 /* message can be resent ! */
241 this->logger
->log(this->logger
, CONTROL
|MORE
, "Resent message detected. Send stored reply");
242 return (this->resend_last_reply(this));
245 /* Now, the message id is checked for request AND reply */
248 /* In a request, the message has to be this->message_id_in (other case is already handled) */
249 if (message_id
!= this->message_id_in
)
251 this->logger
->log(this->logger
, ERROR
| MORE
, "Message request with message id %d received, but %d expected",message_id
,this->message_id_in
);
257 /* In a reply, the message has to be this->message_id_out -1 cause it is the reply to the last sent message*/
258 if (message_id
!= (this->message_id_out
- 1))
260 this->logger
->log(this->logger
, ERROR
| MORE
, "Message reply with message id %d received, but %d expected",message_id
,this->message_id_in
);
265 /* now the message is processed by the current state object */
266 /* the current state does change the current change to the next one*/
267 return this->current_state
->process_message(this->current_state
,message
);
271 * Implements protected_ike_sa_t.build_message.
273 static void build_message(private_ike_sa_t
*this, exchange_type_t type
, bool request
, message_t
**message
)
275 message_t
*new_message
;
276 host_t
*source
, *destination
;
278 this->logger
->log(this->logger
, CONTROL
|MORE
, "build empty message");
279 new_message
= message_create();
281 source
= this->me
.host
->clone(this->me
.host
);
282 destination
= this->other
.host
->clone(this->other
.host
);
284 new_message
->set_source(new_message
, source
);
285 new_message
->set_destination(new_message
, destination
);
286 new_message
->set_exchange_type(new_message
, type
);
287 new_message
->set_request(new_message
, request
);
288 new_message
->set_message_id(new_message
, (request
) ?
this->message_id_out
: this->message_id_in
);
289 new_message
->set_ike_sa_id(new_message
, this->ike_sa_id
);
290 *message
= new_message
;
294 * Implements protected_ike_sa_t.process_configuration.
296 static status_t
initialize_connection(private_ike_sa_t
*this, char *name
)
298 /* work is done in state object of type INITIATOR_INIT */
299 initiator_init_t
*current_state
;
302 if (this->current_state
->get_state(this->current_state
) != INITIATOR_INIT
)
307 current_state
= (initiator_init_t
*) this->current_state
;
309 status
= current_state
->initiate_connection(current_state
,name
);
315 * Implements protected_ike_sa_t.get_id.
317 static ike_sa_id_t
* get_id(private_ike_sa_t
*this)
319 return this->ike_sa_id
;
323 * Implements protected_ike_sa_t.compute_secrets.
325 static void compute_secrets(private_ike_sa_t
*this,chunk_t dh_shared_secret
,chunk_t initiator_nonce
, chunk_t responder_nonce
)
327 chunk_t concatenated_nonces
;
329 chunk_t prf_plus_seed
;
330 u_int64_t initiator_spi
;
331 u_int64_t responder_spi
;
332 prf_plus_t
*prf_plus
;
336 * TODO check length for specific prf's
338 concatenated_nonces
.len
= (initiator_nonce
.len
+ responder_nonce
.len
);
339 concatenated_nonces
.ptr
= allocator_alloc(concatenated_nonces
.len
);
341 /* first is initiator */
342 memcpy(concatenated_nonces
.ptr
,initiator_nonce
.ptr
,initiator_nonce
.len
);
343 /* second is responder */
344 memcpy(concatenated_nonces
.ptr
+ initiator_nonce
.len
,responder_nonce
.ptr
,responder_nonce
.len
);
346 this->logger
->log_chunk(this->logger
, RAW
, "Nonce data", &concatenated_nonces
);
348 /* status of set_key is not checked */
349 this->prf
->set_key(this->prf
,concatenated_nonces
);
351 this->prf
->allocate_bytes(this->prf
,dh_shared_secret
,&skeyseed
);
353 allocator_free_chunk(&concatenated_nonces
);
355 prf_plus_seed
.len
= (initiator_nonce
.len
+ responder_nonce
.len
+ 16);
356 prf_plus_seed
.ptr
= allocator_alloc(prf_plus_seed
.len
);
358 /* first is initiator */
359 memcpy(prf_plus_seed
.ptr
,initiator_nonce
.ptr
,initiator_nonce
.len
);
360 /* second is responder */
361 memcpy(prf_plus_seed
.ptr
+ initiator_nonce
.len
,responder_nonce
.ptr
,responder_nonce
.len
);
362 /* third is initiator spi */
363 initiator_spi
= this->ike_sa_id
->get_initiator_spi(this->ike_sa_id
);
364 memcpy(prf_plus_seed
.ptr
+ initiator_nonce
.len
+ responder_nonce
.len
,&initiator_spi
,8);
365 /* fourth is responder spi */
366 responder_spi
= this->ike_sa_id
->get_responder_spi(this->ike_sa_id
);
367 memcpy(prf_plus_seed
.ptr
+ initiator_nonce
.len
+ responder_nonce
.len
+ 8,&responder_spi
,8);
369 this->logger
->log_chunk(this->logger
, PRIVATE
| MORE
, "Keyseed", &skeyseed
);
370 this->logger
->log_chunk(this->logger
, PRIVATE
| MORE
, "PRF+ Seed", &prf_plus_seed
);
372 this->logger
->log(this->logger
, CONTROL
| MOST
, "Set new key of prf object");
373 this->prf
->set_key(this->prf
,skeyseed
);
374 allocator_free_chunk(&skeyseed
);
376 this->logger
->log(this->logger
, CONTROL
| MOST
, "Create new prf+ object");
377 prf_plus
= prf_plus_create(this->prf
, prf_plus_seed
);
378 allocator_free_chunk(&prf_plus_seed
);
380 prf_plus
->allocate_bytes(prf_plus
,this->prf
->get_block_size(this->prf
),&(this->secrets
.d_key
));
381 this->logger
->log_chunk(this->logger
, PRIVATE
, "Sk_d secret", &(this->secrets
.d_key
));
383 prf_plus
->allocate_bytes(prf_plus
,this->signer_initiator
->get_key_size(this->signer_initiator
),&(this->secrets
.ai_key
));
384 this->logger
->log_chunk(this->logger
, PRIVATE
, "Sk_ai secret", &(this->secrets
.ai_key
));
385 this->signer_initiator
->set_key(this->signer_initiator
,this->secrets
.ai_key
);
387 prf_plus
->allocate_bytes(prf_plus
,this->signer_responder
->get_key_size(this->signer_responder
),&(this->secrets
.ar_key
));
388 this->logger
->log_chunk(this->logger
, PRIVATE
, "Sk_ar secret", &(this->secrets
.ar_key
));
389 this->signer_responder
->set_key(this->signer_responder
,this->secrets
.ar_key
);
392 prf_plus
->allocate_bytes(prf_plus
,this->crypter_initiator
->get_block_size(this->crypter_initiator
),&(this->secrets
.ei_key
));
393 this->logger
->log_chunk(this->logger
, PRIVATE
, "Sk_ei secret", &(this->secrets
.ei_key
));
394 this->crypter_initiator
->set_key(this->crypter_initiator
,this->secrets
.ei_key
);
396 prf_plus
->allocate_bytes(prf_plus
,this->crypter_responder
->get_block_size(this->crypter_responder
),&(this->secrets
.er_key
));
397 this->logger
->log_chunk(this->logger
, PRIVATE
, "Sk_er secret", &(this->secrets
.er_key
));
398 this->crypter_responder
->set_key(this->crypter_responder
,this->secrets
.er_key
);
400 prf_plus
->allocate_bytes(prf_plus
,this->crypter_responder
->get_block_size(this->crypter_responder
),&(this->secrets
.pi_key
));
401 this->logger
->log_chunk(this->logger
, PRIVATE
, "Sk_pi secret", &(this->secrets
.pi_key
));
403 prf_plus
->allocate_bytes(prf_plus
,this->crypter_responder
->get_block_size(this->crypter_responder
),&(this->secrets
.pr_key
));
404 this->logger
->log_chunk(this->logger
, PRIVATE
, "Sk_pr secret", &(this->secrets
.pr_key
));
406 prf_plus
->destroy(prf_plus
);
410 * Implements protected_ike_sa_t.resend_last_reply.
412 static status_t
resend_last_reply(private_ike_sa_t
*this)
417 status
= this->last_responded_message
->generate(this->last_responded_message
, NULL
, NULL
, &packet
);
418 if (status
!= SUCCESS
)
420 this->logger
->log(this->logger
, ERROR
, "Could not generate message to resent");
424 charon
->send_queue
->add(charon
->send_queue
, packet
);
429 * Implements protected_ike_sa_t.resend_last_reply.
431 static status_t
create_delete_job(private_ike_sa_t
*this)
435 this->logger
->log(this->logger
, CONTROL
| MORE
, "Going to create job to delete this IKE_SA");
437 delete_job
= (job_t
*) delete_ike_sa_job_create(this->ike_sa_id
);
438 charon
->job_queue
->add(charon
->job_queue
,delete_job
);
444 * Implementation of protected_ike_sa_t.set_new_state.
446 static void set_new_state (private_ike_sa_t
*this, state_t
*state
)
448 this->logger
->log(this->logger
, ERROR
, "Change current state %s to %s",mapping_find(ike_sa_state_m
,this->current_state
->get_state(this->current_state
)),mapping_find(ike_sa_state_m
,state
->get_state(state
)));
449 this->current_state
= state
;
453 * Implementation of protected_ike_sa_t.get_logger.
455 static logger_t
*get_logger (private_ike_sa_t
*this)
461 * Implementation of protected_ike_sa_t.get_my_host.
463 static host_t
*get_my_host (private_ike_sa_t
*this)
465 return this->me
.host
;
469 * Implementation of protected_ike_sa_t.get_other_host.
471 static host_t
*get_other_host (private_ike_sa_t
*this)
473 return this->other
.host
;
477 * Implementation of protected_ike_sa_t.get_init_config.
479 static init_config_t
*get_init_config (private_ike_sa_t
*this)
481 return this->init_config
;
485 * Implementation of protected_ike_sa_t.set_init_config.
487 static void set_init_config (private_ike_sa_t
*this,init_config_t
* init_config
)
489 this->init_config
= init_config
;
493 * Implementation of protected_ike_sa_t.get_sa_config.
495 static sa_config_t
*get_sa_config (private_ike_sa_t
*this)
497 return this->sa_config
;
501 * Implementation of protected_ike_sa_t.set_sa_config.
503 static void set_sa_config (private_ike_sa_t
*this,sa_config_t
* sa_config
)
505 this->sa_config
= sa_config
;
509 * Implementation of protected_ike_sa_t.set_my_host.
511 static void set_my_host (private_ike_sa_t
*this, host_t
*my_host
)
513 this->me
.host
= my_host
;
517 * Implementation of protected_ike_sa_t.set_other_host.
519 static void set_other_host (private_ike_sa_t
*this, host_t
*other_host
)
521 this->other
.host
= other_host
;
525 * Implementation of protected_ike_sa_t.set_prf.
527 static status_t
create_transforms_from_proposal (private_ike_sa_t
*this,ike_proposal_t
*proposal
)
529 this->logger
->log(this->logger
, CONTROL
|MORE
, "Going to create transform objects for proposal");
531 this->logger
->log(this->logger
, CONTROL
|MORE
, "Encryption algorithm: %s with keylength %d",mapping_find(encryption_algorithm_m
,proposal
->encryption_algorithm
),proposal
->encryption_algorithm_key_length
);
532 this->logger
->log(this->logger
, CONTROL
|MORE
, "integrity algorithm: %s with keylength %d",mapping_find(integrity_algorithm_m
,proposal
->integrity_algorithm
),proposal
->integrity_algorithm_key_length
);
533 this->logger
->log(this->logger
, CONTROL
|MORE
, "prf: %s with keylength %d",mapping_find(pseudo_random_function_m
,proposal
->pseudo_random_function
),proposal
->pseudo_random_function_key_length
);
535 if (this->prf
!= NULL
)
537 this->prf
->destroy(this->prf
);
539 this->prf
= prf_create(proposal
->pseudo_random_function
);
540 if (this->prf
== NULL
)
542 this->logger
->log(this->logger
, ERROR
|MORE
, "prf not supported!");
546 if (this->crypter_initiator
!= NULL
)
548 this->crypter_initiator
->destroy(this->crypter_initiator
);
550 this->crypter_initiator
= crypter_create(proposal
->encryption_algorithm
,proposal
->encryption_algorithm_key_length
);
551 if (this->crypter_initiator
== NULL
)
553 this->logger
->log(this->logger
, ERROR
|MORE
, "encryption algorithm not supported!");
557 if (this->crypter_responder
!= NULL
)
559 this->crypter_responder
->destroy(this->crypter_responder
);
561 this->crypter_responder
= crypter_create(proposal
->encryption_algorithm
,proposal
->encryption_algorithm_key_length
);
562 if (this->crypter_responder
== NULL
)
564 this->logger
->log(this->logger
, ERROR
|MORE
, "encryption algorithm not supported!");
568 if (this->signer_initiator
!= NULL
)
570 this->signer_initiator
->destroy(this->signer_initiator
);
572 this->signer_initiator
= signer_create(proposal
->integrity_algorithm
);
573 if (this->signer_initiator
== NULL
)
575 this->logger
->log(this->logger
, ERROR
|MORE
, "integrity algorithm not supported!");
579 if (this->signer_responder
!= NULL
)
581 this->signer_responder
->destroy(this->signer_responder
);
583 this->signer_responder
= signer_create(proposal
->integrity_algorithm
);
584 if (this->signer_responder
== NULL
)
586 this->logger
->log(this->logger
, ERROR
|MORE
, "integrity algorithm not supported!");
594 * Implementation of protected_ike_sa_t.get_randomizer.
596 static randomizer_t
*get_randomizer (private_ike_sa_t
*this)
598 return this->randomizer
;
602 * Implementation of protected_ike_sa_t.get_crypter_initiator.
604 static crypter_t
*get_crypter_initiator (private_ike_sa_t
*this)
606 return this->crypter_initiator
;
610 * Implementation of protected_ike_sa_t.get_signer_initiator.
612 static signer_t
*get_signer_initiator (private_ike_sa_t
*this)
614 return this->signer_initiator
;
618 * Implementation of protected_ike_sa_t.set_last_requested_message.
620 static status_t
set_last_requested_message (private_ike_sa_t
*this,message_t
* message
)
622 if (this->last_requested_message
!= NULL
)
624 /* destroy message */
625 this->last_requested_message
->destroy(this->last_requested_message
);
628 if (message
->get_message_id(message
) != this->message_id_out
)
630 this->logger
->log(this->logger
, CONTROL
|MOST
, "last requested message could not be set cause id was not as expected");
633 this->logger
->log(this->logger
, CONTROL
|MOST
, "replace last requested message with new one");
634 this->last_requested_message
= message
;
636 /* message counter can now be increased */
637 this->logger
->log(this->logger
, CONTROL
|MOST
, "Increate message counter for outgoing messages");
638 this->message_id_out
++;
643 * Implementation of protected_ike_sa_t.set_last_responded_message.
645 static status_t
set_last_responded_message (private_ike_sa_t
*this,message_t
* message
)
647 if (this->last_responded_message
!= NULL
)
649 /* destroy message */
650 this->last_responded_message
->destroy(this->last_responded_message
);
652 if (message
->get_message_id(message
) != this->message_id_in
)
654 this->logger
->log(this->logger
, CONTROL
|MOST
, "last responded message could not be set cause id was not as expected");
658 this->logger
->log(this->logger
, CONTROL
|MOST
, "replace last responded message with new one");
659 this->last_responded_message
= message
;
661 /* message counter can now be increased */
662 this->logger
->log(this->logger
, CONTROL
|MOST
, "Increate message counter for incoming messages");
663 this->message_id_in
++;
670 * Implements protected_ike_sa_t.destroy.
672 static void destroy (private_ike_sa_t
*this)
674 this->logger
->log(this->logger
, CONTROL
| MORE
, "Going to destroy IKE_SA");
676 /* destroy child sa's */
677 this->logger
->log(this->logger
, CONTROL
| MOST
, "Destroy all child_sa's");
678 while (this->child_sas
->get_count(this->child_sas
) > 0)
681 if (this->child_sas
->remove_first(this->child_sas
, &child_sa
) != SUCCESS
)
685 /* destroy child sa */
687 this->child_sas
->destroy(this->child_sas
);
689 this->logger
->log(this->logger
, CONTROL
| MOST
, "Destroy secrets");
691 allocator_free(this->secrets
.d_key
.ptr
);
692 allocator_free(this->secrets
.ai_key
.ptr
);
693 allocator_free(this->secrets
.ar_key
.ptr
);
694 allocator_free(this->secrets
.ei_key
.ptr
);
695 allocator_free(this->secrets
.er_key
.ptr
);
696 allocator_free(this->secrets
.pi_key
.ptr
);
697 allocator_free(this->secrets
.pr_key
.ptr
);
699 if (this->crypter_initiator
!= NULL
)
701 this->crypter_initiator
->destroy(this->crypter_initiator
);
704 if (this->crypter_responder
!= NULL
)
706 this->crypter_responder
->destroy(this->crypter_responder
);
709 if (this->signer_initiator
!= NULL
)
711 this->signer_initiator
->destroy(this->signer_initiator
);
714 if (this->signer_responder
!= NULL
)
716 this->signer_responder
->destroy(this->signer_responder
);
719 if (this->prf
!= NULL
)
721 this->prf
->destroy(this->prf
);
724 /* destroy ike_sa_id */
725 this->ike_sa_id
->destroy(this->ike_sa_id
);
727 /* destroy stored requested message */
728 if (this->last_requested_message
!= NULL
)
730 this->last_requested_message
->destroy(this->last_requested_message
);
733 /* destroy stored host_t objects */
734 if (this->me
.host
!= NULL
)
736 this->me
.host
->destroy(this->me
.host
);
739 /* destroy stored host_t objects */
740 if (this->other
.host
!= NULL
)
742 this->other
.host
->destroy(this->other
.host
);
746 /* destroy stored responded messages */
747 if (this->last_responded_message
!= NULL
)
749 this->last_responded_message
->destroy(this->last_responded_message
);
752 this->randomizer
->destroy(this->randomizer
);
754 this->logger
->log(this->logger
, CONTROL
| MOST
, "Destroy current state object");
755 this->current_state
->destroy(this->current_state
);
757 this->logger
->log(this->logger
, CONTROL
| MOST
, "Destroy logger of IKE_SA");
758 charon
->logger_manager
->destroy_logger(charon
->logger_manager
, this->logger
);
760 allocator_free(this);
764 * Described in Header
766 ike_sa_t
* ike_sa_create(ike_sa_id_t
*ike_sa_id
)
768 private_ike_sa_t
*this = allocator_alloc_thing(private_ike_sa_t
);
770 /* Public functions */
771 this->protected.public.process_message
= (status_t(*)(ike_sa_t
*, message_t
*)) process_message
;
772 this->protected.public.initialize_connection
= (status_t(*)(ike_sa_t
*, char*)) initialize_connection
;
773 this->protected.public.get_id
= (ike_sa_id_t
*(*)(ike_sa_t
*)) get_id
;
774 this->protected.public.destroy
= (void(*)(ike_sa_t
*))destroy
;
776 /* protected functions */
777 this->protected.build_message
= (void (*) (protected_ike_sa_t
*, exchange_type_t
, bool , message_t
**)) build_message
;
778 this->protected.compute_secrets
= (void (*) (protected_ike_sa_t
*,chunk_t
,chunk_t
, chunk_t
)) compute_secrets
;
779 this->protected.get_logger
= (logger_t
*(*) (protected_ike_sa_t
*)) get_logger
;
780 this->protected.set_init_config
= (void (*) (protected_ike_sa_t
*,init_config_t
*)) set_init_config
;
781 this->protected.get_init_config
= (init_config_t
*(*) (protected_ike_sa_t
*)) get_init_config
;
782 this->protected.set_sa_config
= (void (*) (protected_ike_sa_t
*,sa_config_t
*)) set_sa_config
;
783 this->protected.get_sa_config
= (sa_config_t
*(*) (protected_ike_sa_t
*)) get_sa_config
;
784 this->protected.get_my_host
= (host_t
*(*) (protected_ike_sa_t
*)) get_my_host
;
785 this->protected.get_other_host
= (host_t
*(*) (protected_ike_sa_t
*)) get_other_host
;
786 this->protected.set_my_host
= (void(*) (protected_ike_sa_t
*,host_t
*)) set_my_host
;
787 this->protected.set_other_host
= (void(*) (protected_ike_sa_t
*, host_t
*)) set_other_host
;
788 this->protected.get_randomizer
= (randomizer_t
*(*) (protected_ike_sa_t
*)) get_randomizer
;
789 this->protected.set_last_requested_message
= (status_t (*) (protected_ike_sa_t
*,message_t
*)) set_last_requested_message
;
790 this->protected.set_last_responded_message
= (status_t (*) (protected_ike_sa_t
*,message_t
*)) set_last_responded_message
;
791 this->protected.create_transforms_from_proposal
= (status_t (*) (protected_ike_sa_t
*,ike_proposal_t
*)) create_transforms_from_proposal
;
792 this->protected.set_new_state
= (void (*) (protected_ike_sa_t
*,state_t
*)) set_new_state
;
793 this->protected.get_crypter_initiator
= (crypter_t
*(*) (protected_ike_sa_t
*)) get_crypter_initiator
;
794 this->protected.get_signer_initiator
= (signer_t
*(*) (protected_ike_sa_t
*)) get_signer_initiator
;
796 /* private functions */
797 this->resend_last_reply
= resend_last_reply
;
798 this->create_delete_job
= create_delete_job
;
803 /* initialize private fields */
804 this->logger
= charon
->logger_manager
->create_logger(charon
->logger_manager
, IKE_SA
, NULL
);
806 this->ike_sa_id
= ike_sa_id
->clone(ike_sa_id
);
807 this->child_sas
= linked_list_create();
808 this->randomizer
= randomizer_create();
810 this->me
.host
= NULL
;
811 this->other
.host
= NULL
;
812 this->last_requested_message
= NULL
;
813 this->last_responded_message
= NULL
;
814 this->message_id_out
= 0;
815 this->message_id_in
= 0;
816 this->secrets
.d_key
= CHUNK_INITIALIZER
;
817 this->secrets
.ai_key
= CHUNK_INITIALIZER
;
818 this->secrets
.ar_key
= CHUNK_INITIALIZER
;
819 this->secrets
.ei_key
= CHUNK_INITIALIZER
;
820 this->secrets
.er_key
= CHUNK_INITIALIZER
;
821 this->secrets
.pi_key
= CHUNK_INITIALIZER
;
822 this->secrets
.pr_key
= CHUNK_INITIALIZER
;
823 this->crypter_initiator
= NULL
;
824 this->crypter_responder
= NULL
;
825 this->signer_initiator
= NULL
;
826 this->signer_responder
= NULL
;
828 this->init_config
= NULL
;
829 this->sa_config
= NULL
;
831 /* at creation time, IKE_SA is in a initiator state */
832 if (ike_sa_id
->is_initiator(ike_sa_id
))
834 this->current_state
= (state_t
*) initiator_init_create(&(this->protected));
838 this->current_state
= (state_t
*) responder_init_create(&(this->protected));
840 return &(this->protected.public);