60e6086783324c74b192bf309fc1249f82bad9a5
[strongswan.git] / Source / charon / sa / ike_sa.c
1 /**
2 * @file ike_sa.c
3 *
4 * @brief Implementation of ike_sa_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #include "ike_sa.h"
24
25 #include <types.h>
26 #include <daemon.h>
27 #include <definitions.h>
28 #include <utils/allocator.h>
29 #include <utils/linked_list.h>
30 #include <utils/logger_manager.h>
31 #include <utils/randomizer.h>
32 #include <transforms/diffie_hellman.h>
33 #include <transforms/prf_plus.h>
34 #include <transforms/crypters/crypter.h>
35 #include <encoding/payloads/sa_payload.h>
36 #include <encoding/payloads/nonce_payload.h>
37 #include <encoding/payloads/ke_payload.h>
38 #include <encoding/payloads/transform_substructure.h>
39 #include <encoding/payloads/transform_attribute.h>
40 #include <sa/states/initiator_init.h>
41 #include <sa/states/responder_init.h>
42 #include <queues/jobs/delete_ike_sa_job.h>
43
44
45
46
47 typedef struct private_ike_sa_t private_ike_sa_t;
48
49 /**
50 * Private data of an ike_sa_t object.
51 */
52 struct private_ike_sa_t {
53
54 /**
55 * Protected part of a ike_sa_t object.
56 */
57 protected_ike_sa_t protected;
58
59 /**
60 * Creates a job to delete the given IKE_SA.
61 *
62 * @param this calling object
63 */
64 status_t (*create_delete_job) (private_ike_sa_t *this);
65
66 /**
67 * Resends the last sent reply.
68 *
69 * @param this calling object
70 */
71 status_t (*resend_last_reply) (private_ike_sa_t *this);
72
73 /* private values */
74
75 /**
76 * Identifier for the current IKE_SA
77 */
78 ike_sa_id_t *ike_sa_id;
79
80 /**
81 * Linked List containing the child sa's of the current IKE_SA
82 */
83 linked_list_t *child_sas;
84
85 /**
86 * Current state of the IKE_SA
87 */
88 state_t *current_state;
89
90 /**
91 * this SA's source for random data
92 */
93 randomizer_t *randomizer;
94
95 /**
96 * contains the last responded message
97 *
98 */
99 message_t *last_responded_message;
100
101 /**
102 * contains the last requested message
103 *
104 */
105 message_t *last_requested_message;
106
107 /**
108 * Informations of this host
109 */
110 struct {
111 host_t *host;
112 } me;
113
114 /**
115 * Informations of the other host
116 */
117 struct {
118 host_t *host;
119 } other;
120
121 /**
122 * Crypter object for initiator
123 */
124 crypter_t *crypter_initiator;
125
126 /**
127 * Crypter object for responder
128 */
129 crypter_t *crypter_responder;
130
131 /**
132 * Signer object for initiator
133 */
134 signer_t *signer_initiator;
135
136 /**
137 * Signer object for responder
138 */
139 signer_t *signer_responder;
140
141 /**
142 * prf function
143 */
144 prf_t *prf;
145
146
147
148 /**
149 * Shared secrets
150 */
151 struct {
152 /**
153 * Key used for deriving other keys
154 */
155 chunk_t d_key;
156
157 /**
158 * Key for authenticate (initiator)
159 */
160 chunk_t ai_key;
161
162 /**
163 * Key for authenticate (responder)
164 */
165 chunk_t ar_key;
166
167 /**
168 * Key for encryption (initiator)
169 */
170 chunk_t ei_key;
171
172 /**
173 * Key for encryption (responder)
174 */
175 chunk_t er_key;
176
177 /**
178 * Key for generating auth payload (initiator)
179 */
180 chunk_t pi_key;
181
182 /**
183 * Key for generating auth payload (responder)
184 */
185 chunk_t pr_key;
186
187 } secrets;
188
189 /**
190 * next message id to receive
191 */
192 u_int32_t message_id_in;
193
194 /**
195 * next message id to send
196 */
197 u_int32_t message_id_out;
198
199 /**
200 * a logger for this IKE_SA
201 */
202 logger_t *logger;
203 };
204
205
206 /**
207 * Implements protected_ike_sa_t.process_message.
208 */
209 static status_t process_message (private_ike_sa_t *this, message_t *message)
210 {
211 u_int32_t message_id;
212 exchange_type_t exchange_type;
213 bool is_request;
214
215 /* we must process each request or response from remote host */
216
217 /* find out type of message (request or response) */
218 is_request = message->get_request(message);
219 exchange_type = message->get_exchange_type(message);
220
221 this->logger->log(this->logger, CONTROL, "Process %s message of exchange type %s",(is_request) ? "REQUEST" : "RESPONSE",mapping_find(exchange_type_m,exchange_type));
222
223 message_id = message->get_message_id(message);
224
225 /*
226 * It has to be checked, if the message has to be resent cause of lost packets!
227 */
228 if (is_request && (message_id == (this->message_id_in - 1)))
229 {
230 /* message can be resent ! */
231 this->logger->log(this->logger, CONTROL|MORE, "Resent message detected. Send stored reply");
232 return (this->resend_last_reply(this));
233 }
234
235 /* Now, the message id is checked for request AND reply */
236 if (is_request)
237 {
238 /* In a request, the message has to be this->message_id_in (other case is already handled) */
239 if (message_id != this->message_id_in)
240 {
241 this->logger->log(this->logger, ERROR | MORE, "Message request with message id %d received, but %d expected",message_id,this->message_id_in);
242 return FAILED;
243 }
244 }
245 else
246 {
247 /* In a reply, the message has to be this->message_id_out -1 cause it is the reply to the last sent message*/
248 if (message_id != (this->message_id_out - 1))
249 {
250 this->logger->log(this->logger, ERROR | MORE, "Message reply with message id %d received, but %d expected",message_id,this->message_id_in);
251 return FAILED;
252 }
253 }
254
255 /* now the message is processed by the current state object */
256 /* the current state does change the current change to the next one*/
257 return this->current_state->process_message(this->current_state,message);
258 }
259
260 /**
261 * Implements protected_ike_sa_t.build_message.
262 */
263 static void build_message(private_ike_sa_t *this, exchange_type_t type, bool request, message_t **message)
264 {
265 message_t *new_message;
266 host_t *source, *destination;
267
268 this->logger->log(this->logger, CONTROL|MORE, "build empty message");
269 new_message = message_create();
270
271 source = this->me.host->clone(this->me.host);
272 destination = this->other.host->clone(this->other.host);
273
274 new_message->set_source(new_message, source);
275 new_message->set_destination(new_message, destination);
276 new_message->set_exchange_type(new_message, type);
277 new_message->set_request(new_message, request);
278 new_message->set_message_id(new_message, (request) ? this->message_id_out : this->message_id_in);
279 new_message->set_ike_sa_id(new_message, this->ike_sa_id);
280 *message = new_message;
281 }
282
283 /**
284 * Implements protected_ike_sa_t.process_configuration.
285 */
286 static status_t initialize_connection(private_ike_sa_t *this, char *name)
287 {
288 /* work is done in state object of type INITIATOR_INIT */
289 initiator_init_t *current_state;
290 status_t status;
291
292 if (this->current_state->get_state(this->current_state) != INITIATOR_INIT)
293 {
294 return FAILED;
295 }
296
297 current_state = (initiator_init_t *) this->current_state;
298
299 status = current_state->initiate_connection(current_state,name);
300
301 if (status != SUCCESS)
302 {
303 this->create_delete_job(this);
304 }
305 return status;
306 }
307
308 /**
309 * Implements protected_ike_sa_t.get_id.
310 */
311 static ike_sa_id_t* get_id(private_ike_sa_t *this)
312 {
313 return this->ike_sa_id;
314 }
315
316 /**
317 * Implements protected_ike_sa_t.compute_secrets.
318 */
319 static void compute_secrets(private_ike_sa_t *this,chunk_t dh_shared_secret,chunk_t initiator_nonce, chunk_t responder_nonce)
320 {
321 chunk_t concatenated_nonces;
322 chunk_t skeyseed;
323 chunk_t prf_plus_seed;
324 u_int64_t initiator_spi;
325 u_int64_t responder_spi;
326 prf_plus_t *prf_plus;
327
328
329 /*
330 * TODO check length for specific prf's
331 */
332 concatenated_nonces.len = (initiator_nonce.len + responder_nonce.len);
333 concatenated_nonces.ptr = allocator_alloc(concatenated_nonces.len);
334
335 /* first is initiator */
336 memcpy(concatenated_nonces.ptr,initiator_nonce.ptr,initiator_nonce.len);
337 /* second is responder */
338 memcpy(concatenated_nonces.ptr + initiator_nonce.len,responder_nonce.ptr,responder_nonce.len);
339
340 this->logger->log_chunk(this->logger, RAW, "Nonce data", &concatenated_nonces);
341
342 /* status of set_key is not checked */
343 this->prf->set_key(this->prf,concatenated_nonces);
344
345 this->prf->allocate_bytes(this->prf,dh_shared_secret,&skeyseed);
346
347 allocator_free_chunk(&concatenated_nonces);
348
349 prf_plus_seed.len = (initiator_nonce.len + responder_nonce.len + 16);
350 prf_plus_seed.ptr = allocator_alloc(prf_plus_seed.len);
351
352 /* first is initiator */
353 memcpy(prf_plus_seed.ptr,initiator_nonce.ptr,initiator_nonce.len);
354 /* second is responder */
355 memcpy(prf_plus_seed.ptr + initiator_nonce.len,responder_nonce.ptr,responder_nonce.len);
356 /* third is initiator spi */
357 initiator_spi = this->ike_sa_id->get_initiator_spi(this->ike_sa_id);
358 memcpy(prf_plus_seed.ptr + initiator_nonce.len + responder_nonce.len,&initiator_spi,8);
359 /* fourth is responder spi */
360 responder_spi = this->ike_sa_id->get_responder_spi(this->ike_sa_id);
361 memcpy(prf_plus_seed.ptr + initiator_nonce.len + responder_nonce.len + 8,&responder_spi,8);
362
363 this->logger->log_chunk(this->logger, PRIVATE | MORE, "Keyseed", &skeyseed);
364 this->logger->log_chunk(this->logger, PRIVATE | MORE, "PRF+ Seed", &prf_plus_seed);
365
366 this->logger->log(this->logger, CONTROL | MOST, "Set new key of prf object");
367 this->prf->set_key(this->prf,skeyseed);
368 allocator_free_chunk(&skeyseed);
369
370 this->logger->log(this->logger, CONTROL | MOST, "Create new prf+ object");
371 prf_plus = prf_plus_create(this->prf, prf_plus_seed);
372 allocator_free_chunk(&prf_plus_seed);
373
374 prf_plus->allocate_bytes(prf_plus,this->prf->get_block_size(this->prf),&(this->secrets.d_key));
375 this->logger->log_chunk(this->logger, PRIVATE, "Sk_d secret", &(this->secrets.d_key));
376
377 prf_plus->allocate_bytes(prf_plus,this->signer_initiator->get_key_size(this->signer_initiator),&(this->secrets.ai_key));
378 this->logger->log_chunk(this->logger, PRIVATE, "Sk_ai secret", &(this->secrets.ai_key));
379 this->signer_initiator->set_key(this->signer_initiator,this->secrets.ai_key);
380
381 prf_plus->allocate_bytes(prf_plus,this->signer_responder->get_key_size(this->signer_responder),&(this->secrets.ar_key));
382 this->logger->log_chunk(this->logger, PRIVATE, "Sk_ar secret", &(this->secrets.ar_key));
383 this->signer_responder->set_key(this->signer_responder,this->secrets.ar_key);
384
385
386 prf_plus->allocate_bytes(prf_plus,this->crypter_initiator->get_block_size(this->crypter_initiator),&(this->secrets.ei_key));
387 this->logger->log_chunk(this->logger, PRIVATE, "Sk_ei secret", &(this->secrets.ei_key));
388 this->crypter_initiator->set_key(this->crypter_initiator,this->secrets.ei_key);
389
390 prf_plus->allocate_bytes(prf_plus,this->crypter_responder->get_block_size(this->crypter_responder),&(this->secrets.er_key));
391 this->logger->log_chunk(this->logger, PRIVATE, "Sk_er secret", &(this->secrets.er_key));
392 this->crypter_responder->set_key(this->crypter_responder,this->secrets.er_key);
393
394 prf_plus->allocate_bytes(prf_plus,this->crypter_responder->get_block_size(this->crypter_responder),&(this->secrets.pi_key));
395 this->logger->log_chunk(this->logger, PRIVATE, "Sk_pi secret", &(this->secrets.pi_key));
396
397 prf_plus->allocate_bytes(prf_plus,this->crypter_responder->get_block_size(this->crypter_responder),&(this->secrets.pr_key));
398 this->logger->log_chunk(this->logger, PRIVATE, "Sk_pr secret", &(this->secrets.pr_key));
399
400 prf_plus->destroy(prf_plus);
401 }
402
403 /**
404 * Implements protected_ike_sa_t.resend_last_reply.
405 */
406 static status_t resend_last_reply(private_ike_sa_t *this)
407 {
408 packet_t *packet;
409 status_t status;
410
411 status = this->last_responded_message->generate(this->last_responded_message, NULL, NULL, &packet);
412 if (status != SUCCESS)
413 {
414 this->logger->log(this->logger, ERROR, "Could not generate message to resent");
415 return status;
416 }
417
418 charon->send_queue->add(charon->send_queue, packet);
419 return SUCCESS;
420 }
421
422 /**
423 * Implements protected_ike_sa_t.resend_last_reply.
424 */
425 static status_t create_delete_job(private_ike_sa_t *this)
426 {
427 job_t *delete_job;
428
429 this->logger->log(this->logger, CONTROL | MORE, "Going to create job to delete this IKE_SA");
430
431 delete_job = (job_t *) delete_ike_sa_job_create(this->ike_sa_id);
432 charon->job_queue->add(charon->job_queue,delete_job);
433
434 return SUCCESS;
435 }
436
437 /**
438 * Implementation of protected_ike_sa_t.set_new_state.
439 */
440 static void set_new_state (private_ike_sa_t *this, state_t *state)
441 {
442 this->logger->log(this->logger, ERROR, "Change current state %s to %s",mapping_find(ike_sa_state_m,this->current_state->get_state(this->current_state)),mapping_find(ike_sa_state_m,state->get_state(state)));
443 this->current_state = state;
444 }
445
446 /**
447 * Implementation of protected_ike_sa_t.get_logger.
448 */
449 static logger_t *get_logger (private_ike_sa_t *this)
450 {
451 return this->logger;
452 }
453
454 /**
455 * Implementation of protected_ike_sa_t.get_my_host.
456 */
457 static host_t *get_my_host (private_ike_sa_t *this)
458 {
459 return this->me.host;
460 }
461
462 /**
463 * Implementation of protected_ike_sa_t.get_other_host.
464 */
465 static host_t *get_other_host (private_ike_sa_t *this)
466 {
467 return this->other.host;
468 }
469
470 /**
471 * Implementation of protected_ike_sa_t.set_my_host.
472 */
473 static void set_my_host (private_ike_sa_t *this, host_t *my_host)
474 {
475 if (this->me.host != NULL)
476 {
477 this ->logger->log(this->logger, CONTROL|MOST, "Destroy existing my host object");
478 this->me.host->destroy(this->me.host);
479 }
480 this->me.host = my_host;
481 }
482
483 /**
484 * Implementation of protected_ike_sa_t.set_other_host.
485 */
486 static void set_other_host (private_ike_sa_t *this, host_t *other_host)
487 {
488 if (this->other.host != NULL)
489 {
490 this ->logger->log(this->logger, CONTROL|MOST, "Destroy existing other host object");
491 this->other.host->destroy(this->other.host);
492 }
493 this->other.host = other_host;
494 }
495
496 /**
497 * Implementation of protected_ike_sa_t.set_prf.
498 */
499 static status_t create_transforms_from_proposal (private_ike_sa_t *this,proposal_substructure_t *proposal)
500 {
501 status_t status;
502 u_int16_t encryption_algorithm;
503 u_int16_t encryption_algorithm_key_length;
504 u_int16_t integrity_algorithm;
505 u_int16_t integrity_algorithm_key_length;
506 u_int16_t pseudo_random_function;
507 u_int16_t pseudo_random_function_key_length;
508
509 this->logger->log(this->logger, CONTROL|MORE, "Going to create transform objects for proposal");
510
511 this->logger->log(this->logger, CONTROL|MOST, "Get encryption transform type");
512 status = proposal->get_info_for_transform_type(proposal,ENCRYPTION_ALGORITHM,&(encryption_algorithm),&(encryption_algorithm_key_length));
513 if (status != SUCCESS)
514 {
515 this->logger->log(this->logger, ERROR|MORE, "Could not get encryption transform type");
516 return status;
517 }
518 this->logger->log(this->logger, CONTROL|MORE, "Encryption algorithm: %s with keylength %d",mapping_find(encryption_algorithm_m,encryption_algorithm),encryption_algorithm_key_length);
519
520 this->logger->log(this->logger, CONTROL|MOST, "Get integrity transform type");
521 status = proposal->get_info_for_transform_type(proposal,INTEGRITY_ALGORITHM,&(integrity_algorithm),&(integrity_algorithm_key_length));
522 if (status != SUCCESS)
523 {
524 this->logger->log(this->logger, ERROR|MORE, "Could not get integrity transform type");
525 return status;
526 }
527 this->logger->log(this->logger, CONTROL|MORE, "integrity algorithm: %s with keylength %d",mapping_find(integrity_algorithm_m,integrity_algorithm),integrity_algorithm_key_length);
528
529 this->logger->log(this->logger, CONTROL|MOST, "Get prf transform type");
530 status = proposal->get_info_for_transform_type(proposal,PSEUDO_RANDOM_FUNCTION,&(pseudo_random_function),&(pseudo_random_function_key_length));
531 if (status != SUCCESS)
532 {
533 this->logger->log(this->logger, ERROR|MORE, "Could not prf transform type");
534 return status;
535 }
536 this->logger->log(this->logger, CONTROL|MORE, "prf: %s with keylength %d",mapping_find(pseudo_random_function_m,pseudo_random_function),pseudo_random_function_key_length);
537
538 if (this->prf != NULL)
539 {
540 this->prf->destroy(this->prf);
541 }
542 this->prf = prf_create(pseudo_random_function);
543 if (this->prf == NULL)
544 {
545 this->logger->log(this->logger, ERROR|MORE, "prf not supported!");
546 return FAILED;
547 }
548
549 if (this->crypter_initiator != NULL)
550 {
551 this->crypter_initiator->destroy(this->crypter_initiator);
552 }
553 this->crypter_initiator = crypter_create(encryption_algorithm,encryption_algorithm_key_length);
554 if (this->crypter_initiator == NULL)
555 {
556 this->logger->log(this->logger, ERROR|MORE, "encryption algorithm not supported!");
557 return FAILED;
558 }
559
560 if (this->crypter_responder != NULL)
561 {
562 this->crypter_responder->destroy(this->crypter_responder);
563 }
564 this->crypter_responder = crypter_create(encryption_algorithm,encryption_algorithm_key_length);
565 if (this->crypter_responder == NULL)
566 {
567 this->logger->log(this->logger, ERROR|MORE, "encryption algorithm not supported!");
568 return FAILED;
569 }
570
571 if (this->signer_initiator != NULL)
572 {
573 this->signer_initiator->destroy(this->signer_initiator);
574 }
575 this->signer_initiator = signer_create(integrity_algorithm);
576 if (this->signer_initiator == NULL)
577 {
578 this->logger->log(this->logger, ERROR|MORE, "integrity algorithm not supported!");
579 return FAILED;
580 }
581
582 if (this->signer_responder != NULL)
583 {
584 this->signer_responder->destroy(this->signer_responder);
585 }
586 this->signer_responder = signer_create(integrity_algorithm);
587 if (this->signer_responder == NULL)
588 {
589 this->logger->log(this->logger, ERROR|MORE, "integrity algorithm not supported!");
590 return FAILED;
591 }
592
593 return SUCCESS;
594 }
595
596 /**
597 * Implementation of protected_ike_sa_t.get_randomizer.
598 */
599 static randomizer_t *get_randomizer (private_ike_sa_t *this)
600 {
601 return this->randomizer;
602 }
603
604 /**
605 * Implementation of protected_ike_sa_t.get_crypter_initiator.
606 */
607 static crypter_t *get_crypter_initiator (private_ike_sa_t *this)
608 {
609 return this->crypter_initiator;
610 }
611
612 /**
613 * Implementation of protected_ike_sa_t.get_signer_initiator.
614 */
615 static signer_t *get_signer_initiator (private_ike_sa_t *this)
616 {
617 return this->signer_initiator;
618 }
619
620 /**
621 * Implementation of protected_ike_sa_t.set_last_requested_message.
622 */
623 static status_t set_last_requested_message (private_ike_sa_t *this,message_t * message)
624 {
625 if (this->last_requested_message != NULL)
626 {
627 /* destroy message */
628 this->last_requested_message->destroy(this->last_requested_message);
629 }
630
631 if (message->get_message_id(message) != this->message_id_out)
632 {
633 this->logger->log(this->logger, CONTROL|MOST, "last requested message could not be set cause id was not as expected");
634 return FAILED;
635 }
636 this->logger->log(this->logger, CONTROL|MOST, "replace last requested message with new one");
637 this->last_requested_message = message;
638
639 /* message counter can now be increased */
640 this->logger->log(this->logger, CONTROL|MOST, "Increate message counter for outgoing messages");
641 this->message_id_out++;
642 return SUCCESS;
643 }
644
645 /**
646 * Implementation of protected_ike_sa_t.set_last_responded_message.
647 */
648 static status_t set_last_responded_message (private_ike_sa_t *this,message_t * message)
649 {
650 if (this->last_responded_message != NULL)
651 {
652 /* destroy message */
653 this->last_responded_message->destroy(this->last_responded_message);
654 }
655 if (message->get_message_id(message) != this->message_id_in)
656 {
657 this->logger->log(this->logger, CONTROL|MOST, "last responded message could not be set cause id was not as expected");
658 return FAILED;
659
660 }
661 this->logger->log(this->logger, CONTROL|MOST, "replace last responded message with new one");
662 this->last_responded_message = message;
663
664 /* message counter can now be increased */
665 this->logger->log(this->logger, CONTROL|MOST, "Increate message counter for incoming messages");
666 this->message_id_in++;
667
668 return SUCCESS;
669 }
670
671
672 /**
673 * Implements protected_ike_sa_t.destroy.
674 */
675 static void destroy (private_ike_sa_t *this)
676 {
677 this->logger->log(this->logger, CONTROL | MORE, "Going to destroy IKE_SA");
678
679 /* destroy child sa's */
680 this->logger->log(this->logger, CONTROL | MOST, "Destroy all child_sa's");
681 while (this->child_sas->get_count(this->child_sas) > 0)
682 {
683 void *child_sa;
684 if (this->child_sas->remove_first(this->child_sas, &child_sa) != SUCCESS)
685 {
686 break;
687 }
688 /* destroy child sa */
689 }
690 this->child_sas->destroy(this->child_sas);
691
692 this->logger->log(this->logger, CONTROL | MOST, "Destroy secrets");
693
694 allocator_free(this->secrets.d_key.ptr);
695 allocator_free(this->secrets.ai_key.ptr);
696 allocator_free(this->secrets.ar_key.ptr);
697 allocator_free(this->secrets.ei_key.ptr);
698 allocator_free(this->secrets.er_key.ptr);
699 allocator_free(this->secrets.pi_key.ptr);
700 allocator_free(this->secrets.pr_key.ptr);
701
702 if (this->crypter_initiator != NULL)
703 {
704 this->crypter_initiator->destroy(this->crypter_initiator);
705 }
706
707 if (this->crypter_responder != NULL)
708 {
709 this->crypter_responder->destroy(this->crypter_responder);
710 }
711
712 if (this->signer_initiator != NULL)
713 {
714 this->signer_initiator->destroy(this->signer_initiator);
715 }
716
717 if (this->signer_responder != NULL)
718 {
719 this->signer_responder->destroy(this->signer_responder);
720 }
721
722 if (this->prf != NULL)
723 {
724 this->prf->destroy(this->prf);
725 }
726
727 /* destroy ike_sa_id */
728 this->ike_sa_id->destroy(this->ike_sa_id);
729
730 /* destroy stored requested message */
731 if (this->last_requested_message != NULL)
732 {
733 this->last_requested_message->destroy(this->last_requested_message);
734 }
735
736 /* destroy stored responded messages */
737 if (this->last_responded_message != NULL)
738 {
739 this->last_responded_message->destroy(this->last_responded_message);
740 }
741
742 this->randomizer->destroy(this->randomizer);
743
744 if (this->me.host != NULL)
745 {
746 this->me.host->destroy(this->me.host);
747 }
748
749 if (this->other.host != NULL)
750 {
751 this->other.host->destroy(this->other.host);
752 }
753
754 this->logger->log(this->logger, CONTROL | MOST, "Destroy current state object");
755 this->current_state->destroy(this->current_state);
756
757 this->logger->log(this->logger, CONTROL | MOST, "Destroy logger of IKE_SA");
758 charon->logger_manager->destroy_logger(charon->logger_manager, this->logger);
759
760 allocator_free(this);
761 }
762
763 /*
764 * Described in Header
765 */
766 ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
767 {
768 private_ike_sa_t *this = allocator_alloc_thing(private_ike_sa_t);
769
770 /* Public functions */
771 this->protected.public.process_message = (status_t(*)(ike_sa_t*, message_t*)) process_message;
772 this->protected.public.initialize_connection = (status_t(*)(ike_sa_t*, char*)) initialize_connection;
773 this->protected.public.get_id = (ike_sa_id_t*(*)(ike_sa_t*)) get_id;
774 this->protected.public.destroy = (void(*)(ike_sa_t*))destroy;
775
776 /* protected functions */
777 this->protected.build_message = (void (*) (protected_ike_sa_t *, exchange_type_t , bool , message_t **)) build_message;
778 this->protected.compute_secrets = (void (*) (protected_ike_sa_t *,chunk_t ,chunk_t , chunk_t )) compute_secrets;
779 this->protected.get_logger = (logger_t *(*) (protected_ike_sa_t *)) get_logger;
780 this->protected.get_my_host = (host_t *(*) (protected_ike_sa_t *)) get_my_host;
781 this->protected.get_other_host = (host_t *(*) (protected_ike_sa_t *)) get_other_host;
782 this->protected.set_my_host = (void(*) (protected_ike_sa_t *,host_t *)) set_my_host;
783 this->protected.set_other_host = (void(*) (protected_ike_sa_t *, host_t *)) set_other_host;
784 this->protected.get_randomizer = (randomizer_t *(*) (protected_ike_sa_t *)) get_randomizer;
785 this->protected.set_last_requested_message = (status_t (*) (protected_ike_sa_t *,message_t *)) set_last_requested_message;
786 this->protected.set_last_responded_message = (status_t (*) (protected_ike_sa_t *,message_t *)) set_last_responded_message;
787 this->protected.create_transforms_from_proposal = (status_t (*) (protected_ike_sa_t *,proposal_substructure_t *)) create_transforms_from_proposal;
788 this->protected.set_new_state = (void (*) (protected_ike_sa_t *,state_t *)) set_new_state;
789 this->protected.get_crypter_initiator = (crypter_t *(*) (protected_ike_sa_t *)) get_crypter_initiator;
790 this->protected.get_signer_initiator = (signer_t *(*) (protected_ike_sa_t *)) get_signer_initiator;
791
792 /* private functions */
793 this->resend_last_reply = resend_last_reply;
794 this->create_delete_job = create_delete_job;
795
796
797
798
799 /* initialize private fields */
800 this->logger = charon->logger_manager->create_logger(charon->logger_manager, IKE_SA, NULL);
801
802 this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
803 this->child_sas = linked_list_create();
804 this->randomizer = randomizer_create();
805
806 this->me.host = NULL;
807 this->other.host = NULL;
808 this->last_requested_message = NULL;
809 this->last_responded_message = NULL;
810 this->message_id_out = 0;
811 this->message_id_in = 0;
812 this->secrets.d_key = CHUNK_INITIALIZER;
813 this->secrets.ai_key = CHUNK_INITIALIZER;
814 this->secrets.ar_key = CHUNK_INITIALIZER;
815 this->secrets.ei_key = CHUNK_INITIALIZER;
816 this->secrets.er_key = CHUNK_INITIALIZER;
817 this->secrets.pi_key = CHUNK_INITIALIZER;
818 this->secrets.pr_key = CHUNK_INITIALIZER;
819 this->crypter_initiator = NULL;
820 this->crypter_responder = NULL;
821 this->signer_initiator = NULL;
822 this->signer_responder = NULL;
823 this->prf = NULL;
824
825 /* at creation time, IKE_SA is in a initiator state */
826 if (ike_sa_id->is_initiator(ike_sa_id))
827 {
828 this->current_state = (state_t *) initiator_init_create(&(this->protected));
829 }
830 else
831 {
832 this->current_state = (state_t *) responder_init_create(&(this->protected));
833 }
834 return &(this->protected.public);
835 }