- state ike_auth_requested
[strongswan.git] / Source / charon / sa / ike_sa.c
1 /**
2 * @file ike_sa.c
3 *
4 * @brief Implementation of ike_sa_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #include "ike_sa.h"
24
25 #include <types.h>
26 #include <daemon.h>
27 #include <definitions.h>
28 #include <utils/allocator.h>
29 #include <utils/linked_list.h>
30 #include <utils/logger_manager.h>
31 #include <utils/randomizer.h>
32 #include <transforms/diffie_hellman.h>
33 #include <transforms/prf_plus.h>
34 #include <transforms/crypters/crypter.h>
35 #include <encoding/payloads/sa_payload.h>
36 #include <encoding/payloads/nonce_payload.h>
37 #include <encoding/payloads/ke_payload.h>
38 #include <encoding/payloads/transform_substructure.h>
39 #include <encoding/payloads/transform_attribute.h>
40 #include <sa/states/initiator_init.h>
41 #include <sa/states/responder_init.h>
42 #include <queues/jobs/delete_ike_sa_job.h>
43
44
45
46
47 typedef struct private_ike_sa_t private_ike_sa_t;
48
49 /**
50 * Private data of an ike_sa_t object.
51 */
52 struct private_ike_sa_t {
53
54 /**
55 * Protected part of a ike_sa_t object.
56 */
57 protected_ike_sa_t protected;
58
59 /**
60 * Creates a job to delete the given IKE_SA.
61 *
62 * @param this calling object
63 */
64 status_t (*create_delete_job) (private_ike_sa_t *this);
65
66 /**
67 * Resends the last sent reply.
68 *
69 * @param this calling object
70 */
71 status_t (*resend_last_reply) (private_ike_sa_t *this);
72
73 /* private values */
74
75 /**
76 * Identifier for the current IKE_SA
77 */
78 ike_sa_id_t *ike_sa_id;
79
80 /**
81 * Linked List containing the child sa's of the current IKE_SA
82 */
83 linked_list_t *child_sas;
84
85 /**
86 * TODO
87 */
88 init_config_t *init_config;
89
90 /**
91 * TODO
92 */
93 sa_config_t *sa_config;
94
95 /**
96 * Current state of the IKE_SA
97 */
98 state_t *current_state;
99
100 /**
101 * this SA's source for random data
102 */
103 randomizer_t *randomizer;
104
105 /**
106 * contains the last responded message
107 *
108 */
109 message_t *last_responded_message;
110
111 /**
112 * contains the last requested message
113 *
114 */
115 message_t *last_requested_message;
116
117 /**
118 * Informations of this host
119 */
120 struct {
121 host_t *host;
122 } me;
123
124 /**
125 * Informations of the other host
126 */
127 struct {
128 host_t *host;
129 } other;
130
131 /**
132 * Crypter object for initiator
133 */
134 crypter_t *crypter_initiator;
135
136 /**
137 * Crypter object for responder
138 */
139 crypter_t *crypter_responder;
140
141 /**
142 * Signer object for initiator
143 */
144 signer_t *signer_initiator;
145
146 /**
147 * Signer object for responder
148 */
149 signer_t *signer_responder;
150
151 /**
152 * prf function
153 */
154 prf_t *prf;
155
156
157
158 /**
159 * Shared secrets
160 */
161 struct {
162 /**
163 * Key used for deriving other keys
164 */
165 chunk_t d_key;
166
167 /**
168 * Key for authenticate (initiator)
169 */
170 chunk_t ai_key;
171
172 /**
173 * Key for authenticate (responder)
174 */
175 chunk_t ar_key;
176
177 /**
178 * Key for encryption (initiator)
179 */
180 chunk_t ei_key;
181
182 /**
183 * Key for encryption (responder)
184 */
185 chunk_t er_key;
186
187 /**
188 * Key for generating auth payload (initiator)
189 */
190 chunk_t pi_key;
191
192 /**
193 * Key for generating auth payload (responder)
194 */
195 chunk_t pr_key;
196
197 } secrets;
198
199 /**
200 * next message id to receive
201 */
202 u_int32_t message_id_in;
203
204 /**
205 * next message id to send
206 */
207 u_int32_t message_id_out;
208
209 /**
210 * a logger for this IKE_SA
211 */
212 logger_t *logger;
213 };
214
215
216 /**
217 * Implements protected_ike_sa_t.process_message.
218 */
219 static status_t process_message (private_ike_sa_t *this, message_t *message)
220 {
221 u_int32_t message_id;
222 exchange_type_t exchange_type;
223 bool is_request;
224
225 /* we must process each request or response from remote host */
226
227 /* find out type of message (request or response) */
228 is_request = message->get_request(message);
229 exchange_type = message->get_exchange_type(message);
230
231 this->logger->log(this->logger, CONTROL, "Process %s message of exchange type %s",(is_request) ? "REQUEST" : "RESPONSE",mapping_find(exchange_type_m,exchange_type));
232
233 message_id = message->get_message_id(message);
234
235 /*
236 * It has to be checked, if the message has to be resent cause of lost packets!
237 */
238 if (is_request && (message_id == (this->message_id_in - 1)))
239 {
240 /* message can be resent ! */
241 this->logger->log(this->logger, CONTROL|MORE, "Resent message detected. Send stored reply");
242 return (this->resend_last_reply(this));
243 }
244
245 /* Now, the message id is checked for request AND reply */
246 if (is_request)
247 {
248 /* In a request, the message has to be this->message_id_in (other case is already handled) */
249 if (message_id != this->message_id_in)
250 {
251 this->logger->log(this->logger, ERROR | MORE, "Message request with message id %d received, but %d expected",message_id,this->message_id_in);
252 return FAILED;
253 }
254 }
255 else
256 {
257 /* In a reply, the message has to be this->message_id_out -1 cause it is the reply to the last sent message*/
258 if (message_id != (this->message_id_out - 1))
259 {
260 this->logger->log(this->logger, ERROR | MORE, "Message reply with message id %d received, but %d expected",message_id,this->message_id_in);
261 return FAILED;
262 }
263 }
264
265 /* now the message is processed by the current state object */
266 /* the current state does change the current change to the next one*/
267 return this->current_state->process_message(this->current_state,message);
268 }
269
270 /**
271 * Implements protected_ike_sa_t.build_message.
272 */
273 static void build_message(private_ike_sa_t *this, exchange_type_t type, bool request, message_t **message)
274 {
275 message_t *new_message;
276 host_t *source, *destination;
277
278 this->logger->log(this->logger, CONTROL|MORE, "build empty message");
279 new_message = message_create();
280
281 source = this->me.host->clone(this->me.host);
282 destination = this->other.host->clone(this->other.host);
283
284 new_message->set_source(new_message, source);
285 new_message->set_destination(new_message, destination);
286 new_message->set_exchange_type(new_message, type);
287 new_message->set_request(new_message, request);
288 new_message->set_message_id(new_message, (request) ? this->message_id_out : this->message_id_in);
289 new_message->set_ike_sa_id(new_message, this->ike_sa_id);
290 *message = new_message;
291 }
292
293 /**
294 * Implements protected_ike_sa_t.process_configuration.
295 */
296 static status_t initialize_connection(private_ike_sa_t *this, char *name)
297 {
298 /* work is done in state object of type INITIATOR_INIT */
299 initiator_init_t *current_state;
300 status_t status;
301
302 if (this->current_state->get_state(this->current_state) != INITIATOR_INIT)
303 {
304 return FAILED;
305 }
306
307 current_state = (initiator_init_t *) this->current_state;
308
309 status = current_state->initiate_connection(current_state,name);
310
311 return status;
312 }
313
314 /**
315 * Implements protected_ike_sa_t.get_id.
316 */
317 static ike_sa_id_t* get_id(private_ike_sa_t *this)
318 {
319 return this->ike_sa_id;
320 }
321
322 /**
323 * Implements protected_ike_sa_t.compute_secrets.
324 */
325 static void compute_secrets(private_ike_sa_t *this,chunk_t dh_shared_secret,chunk_t initiator_nonce, chunk_t responder_nonce)
326 {
327 chunk_t concatenated_nonces;
328 chunk_t skeyseed;
329 chunk_t prf_plus_seed;
330 u_int64_t initiator_spi;
331 u_int64_t responder_spi;
332 prf_plus_t *prf_plus;
333
334
335 /*
336 * TODO check length for specific prf's
337 */
338 concatenated_nonces.len = (initiator_nonce.len + responder_nonce.len);
339 concatenated_nonces.ptr = allocator_alloc(concatenated_nonces.len);
340
341 /* first is initiator */
342 memcpy(concatenated_nonces.ptr,initiator_nonce.ptr,initiator_nonce.len);
343 /* second is responder */
344 memcpy(concatenated_nonces.ptr + initiator_nonce.len,responder_nonce.ptr,responder_nonce.len);
345
346 this->logger->log_chunk(this->logger, RAW, "Nonce data", &concatenated_nonces);
347
348 /* status of set_key is not checked */
349 this->prf->set_key(this->prf,concatenated_nonces);
350
351 this->prf->allocate_bytes(this->prf,dh_shared_secret,&skeyseed);
352
353 allocator_free_chunk(&concatenated_nonces);
354
355 prf_plus_seed.len = (initiator_nonce.len + responder_nonce.len + 16);
356 prf_plus_seed.ptr = allocator_alloc(prf_plus_seed.len);
357
358 /* first is initiator */
359 memcpy(prf_plus_seed.ptr,initiator_nonce.ptr,initiator_nonce.len);
360 /* second is responder */
361 memcpy(prf_plus_seed.ptr + initiator_nonce.len,responder_nonce.ptr,responder_nonce.len);
362 /* third is initiator spi */
363 initiator_spi = this->ike_sa_id->get_initiator_spi(this->ike_sa_id);
364 memcpy(prf_plus_seed.ptr + initiator_nonce.len + responder_nonce.len,&initiator_spi,8);
365 /* fourth is responder spi */
366 responder_spi = this->ike_sa_id->get_responder_spi(this->ike_sa_id);
367 memcpy(prf_plus_seed.ptr + initiator_nonce.len + responder_nonce.len + 8,&responder_spi,8);
368
369 this->logger->log_chunk(this->logger, PRIVATE | MORE, "Keyseed", &skeyseed);
370 this->logger->log_chunk(this->logger, PRIVATE | MORE, "PRF+ Seed", &prf_plus_seed);
371
372 this->logger->log(this->logger, CONTROL | MOST, "Set new key of prf object");
373 this->prf->set_key(this->prf,skeyseed);
374 allocator_free_chunk(&skeyseed);
375
376 this->logger->log(this->logger, CONTROL | MOST, "Create new prf+ object");
377 prf_plus = prf_plus_create(this->prf, prf_plus_seed);
378 allocator_free_chunk(&prf_plus_seed);
379
380 prf_plus->allocate_bytes(prf_plus,this->prf->get_block_size(this->prf),&(this->secrets.d_key));
381 this->logger->log_chunk(this->logger, PRIVATE, "Sk_d secret", &(this->secrets.d_key));
382
383 prf_plus->allocate_bytes(prf_plus,this->signer_initiator->get_key_size(this->signer_initiator),&(this->secrets.ai_key));
384 this->logger->log_chunk(this->logger, PRIVATE, "Sk_ai secret", &(this->secrets.ai_key));
385 this->signer_initiator->set_key(this->signer_initiator,this->secrets.ai_key);
386
387 prf_plus->allocate_bytes(prf_plus,this->signer_responder->get_key_size(this->signer_responder),&(this->secrets.ar_key));
388 this->logger->log_chunk(this->logger, PRIVATE, "Sk_ar secret", &(this->secrets.ar_key));
389 this->signer_responder->set_key(this->signer_responder,this->secrets.ar_key);
390
391
392 prf_plus->allocate_bytes(prf_plus,this->crypter_initiator->get_block_size(this->crypter_initiator),&(this->secrets.ei_key));
393 this->logger->log_chunk(this->logger, PRIVATE, "Sk_ei secret", &(this->secrets.ei_key));
394 this->crypter_initiator->set_key(this->crypter_initiator,this->secrets.ei_key);
395
396 prf_plus->allocate_bytes(prf_plus,this->crypter_responder->get_block_size(this->crypter_responder),&(this->secrets.er_key));
397 this->logger->log_chunk(this->logger, PRIVATE, "Sk_er secret", &(this->secrets.er_key));
398 this->crypter_responder->set_key(this->crypter_responder,this->secrets.er_key);
399
400 prf_plus->allocate_bytes(prf_plus,this->crypter_responder->get_block_size(this->crypter_responder),&(this->secrets.pi_key));
401 this->logger->log_chunk(this->logger, PRIVATE, "Sk_pi secret", &(this->secrets.pi_key));
402
403 prf_plus->allocate_bytes(prf_plus,this->crypter_responder->get_block_size(this->crypter_responder),&(this->secrets.pr_key));
404 this->logger->log_chunk(this->logger, PRIVATE, "Sk_pr secret", &(this->secrets.pr_key));
405
406 prf_plus->destroy(prf_plus);
407 }
408
409 /**
410 * Implementation of private_ike_sa_t.resend_last_reply.
411 */
412 static status_t resend_last_reply(private_ike_sa_t *this)
413 {
414 packet_t *packet;
415
416 packet = this->last_responded_message->get_packet(this->last_responded_message);
417 charon->send_queue->add(charon->send_queue, packet);
418
419 return SUCCESS;
420 }
421
422 /**
423 * Implementation of ike_sa_t.retransmit_request.
424 */
425 status_t retransmit_request (private_ike_sa_t *this, u_int32_t message_id)
426 {
427 packet_t *packet;
428
429 if ((this->message_id_out -1) != message_id)
430 {
431 return NOT_FOUND;
432 }
433
434 packet = this->last_responded_message->get_packet(this->last_responded_message);
435 charon->send_queue->add(charon->send_queue, packet);
436
437 return SUCCESS;
438 }
439
440
441 /**
442 * Implements protected_ike_sa_t.resend_last_reply.
443 */
444 static status_t create_delete_job(private_ike_sa_t *this)
445 {
446 job_t *delete_job;
447
448 this->logger->log(this->logger, CONTROL | MORE, "Going to create job to delete this IKE_SA");
449
450 delete_job = (job_t *) delete_ike_sa_job_create(this->ike_sa_id);
451 charon->job_queue->add(charon->job_queue,delete_job);
452
453 return SUCCESS;
454 }
455
456 /**
457 * Implementation of protected_ike_sa_t.set_new_state.
458 */
459 static void set_new_state (private_ike_sa_t *this, state_t *state)
460 {
461 this->logger->log(this->logger, CONTROL, "Change current state %s to %s",mapping_find(ike_sa_state_m,this->current_state->get_state(this->current_state)),mapping_find(ike_sa_state_m,state->get_state(state)));
462 this->current_state = state;
463 }
464
465 /**
466 * Implementation of protected_ike_sa_t.get_logger.
467 */
468 static logger_t *get_logger (private_ike_sa_t *this)
469 {
470 return this->logger;
471 }
472
473 /**
474 * Implementation of protected_ike_sa_t.get_my_host.
475 */
476 static host_t *get_my_host (private_ike_sa_t *this)
477 {
478 return this->me.host;
479 }
480
481 /**
482 * Implementation of protected_ike_sa_t.get_other_host.
483 */
484 static host_t *get_other_host (private_ike_sa_t *this)
485 {
486 return this->other.host;
487 }
488
489 /**
490 * Implementation of protected_ike_sa_t.get_init_config.
491 */
492 static init_config_t *get_init_config (private_ike_sa_t *this)
493 {
494 return this->init_config;
495 }
496
497 /**
498 * Implementation of protected_ike_sa_t.set_init_config.
499 */
500 static void set_init_config (private_ike_sa_t *this,init_config_t * init_config)
501 {
502 this->init_config = init_config;
503 }
504
505 /**
506 * Implementation of protected_ike_sa_t.get_sa_config.
507 */
508 static sa_config_t *get_sa_config (private_ike_sa_t *this)
509 {
510 return this->sa_config;
511 }
512
513 /**
514 * Implementation of protected_ike_sa_t.set_sa_config.
515 */
516 static void set_sa_config (private_ike_sa_t *this,sa_config_t * sa_config)
517 {
518 this->sa_config = sa_config;
519 }
520
521 /**
522 * Implementation of protected_ike_sa_t.set_my_host.
523 */
524 static void set_my_host (private_ike_sa_t *this, host_t *my_host)
525 {
526 this->me.host = my_host;
527 }
528
529 /**
530 * Implementation of protected_ike_sa_t.set_other_host.
531 */
532 static void set_other_host (private_ike_sa_t *this, host_t *other_host)
533 {
534 this->other.host = other_host;
535 }
536
537 /**
538 * Implementation of protected_ike_sa_t.set_prf.
539 */
540 static status_t create_transforms_from_proposal (private_ike_sa_t *this,ike_proposal_t *proposal)
541 {
542 this->logger->log(this->logger, CONTROL|MORE, "Going to create transform objects for proposal");
543
544 this->logger->log(this->logger, CONTROL|MORE, "Encryption algorithm: %s with keylength %d",mapping_find(encryption_algorithm_m,proposal->encryption_algorithm),proposal->encryption_algorithm_key_length);
545 this->logger->log(this->logger, CONTROL|MORE, "integrity algorithm: %s with keylength %d",mapping_find(integrity_algorithm_m,proposal->integrity_algorithm),proposal->integrity_algorithm_key_length);
546 this->logger->log(this->logger, CONTROL|MORE, "prf: %s with keylength %d",mapping_find(pseudo_random_function_m,proposal->pseudo_random_function),proposal->pseudo_random_function_key_length);
547
548 if (this->prf != NULL)
549 {
550 this->prf->destroy(this->prf);
551 }
552 this->prf = prf_create(proposal->pseudo_random_function);
553 if (this->prf == NULL)
554 {
555 this->logger->log(this->logger, ERROR|MORE, "prf not supported!");
556 return FAILED;
557 }
558
559 if (this->crypter_initiator != NULL)
560 {
561 this->crypter_initiator->destroy(this->crypter_initiator);
562 }
563 this->crypter_initiator = crypter_create(proposal->encryption_algorithm,proposal->encryption_algorithm_key_length);
564 if (this->crypter_initiator == NULL)
565 {
566 this->logger->log(this->logger, ERROR|MORE, "encryption algorithm not supported!");
567 return FAILED;
568 }
569
570 if (this->crypter_responder != NULL)
571 {
572 this->crypter_responder->destroy(this->crypter_responder);
573 }
574 this->crypter_responder = crypter_create(proposal->encryption_algorithm,proposal->encryption_algorithm_key_length);
575 if (this->crypter_responder == NULL)
576 {
577 this->logger->log(this->logger, ERROR|MORE, "encryption algorithm not supported!");
578 return FAILED;
579 }
580
581 if (this->signer_initiator != NULL)
582 {
583 this->signer_initiator->destroy(this->signer_initiator);
584 }
585 this->signer_initiator = signer_create(proposal->integrity_algorithm);
586 if (this->signer_initiator == NULL)
587 {
588 this->logger->log(this->logger, ERROR|MORE, "integrity algorithm not supported!");
589 return FAILED;
590 }
591
592 if (this->signer_responder != NULL)
593 {
594 this->signer_responder->destroy(this->signer_responder);
595 }
596 this->signer_responder = signer_create(proposal->integrity_algorithm);
597 if (this->signer_responder == NULL)
598 {
599 this->logger->log(this->logger, ERROR|MORE, "integrity algorithm not supported!");
600 return FAILED;
601 }
602
603 return SUCCESS;
604 }
605
606 /**
607 * Implementation of protected_ike_sa_t.get_randomizer.
608 */
609 static randomizer_t *get_randomizer (private_ike_sa_t *this)
610 {
611 return this->randomizer;
612 }
613
614 /**
615 * Implementation of protected_ike_sa_t.get_crypter_initiator.
616 */
617 static crypter_t *get_crypter_initiator (private_ike_sa_t *this)
618 {
619 return this->crypter_initiator;
620 }
621
622 /**
623 * Implementation of protected_ike_sa_t.get_signer_initiator.
624 */
625 static signer_t *get_signer_initiator (private_ike_sa_t *this)
626 {
627 return this->signer_initiator;
628 }
629
630 /**
631 * Implementation of protected_ike_sa_t.get_crypter_responder.
632 */
633 static crypter_t *get_crypter_responder(private_ike_sa_t *this)
634 {
635 return this->crypter_responder;
636 }
637
638 /**
639 * Implementation of protected_ike_sa_t.get_signer_responder.
640 */
641 static signer_t *get_signer_responder (private_ike_sa_t *this)
642 {
643 return this->signer_responder;
644 }
645
646 /**
647 * Implementation of protected_ike_sa_t.send_request.
648 */
649 static status_t send_request (private_ike_sa_t *this,message_t * message)
650 {
651 packet_t *packet;
652 status_t status;
653
654 if (message->get_message_id(message) != this->message_id_out)
655 {
656 this->logger->log(this->logger, ERROR, "Message could not be sent cause id was not as expected");
657 return FAILED;
658 }
659
660 /* generate packet */
661 this->logger->log(this->logger, CONTROL|MOST, "Generate packet from message");
662
663 status = message->generate(message, this->crypter_initiator,this->signer_initiator, &packet);
664 if (status != SUCCESS)
665 {
666 this->logger->log(this->logger, ERROR, "Could not generate packet from message");
667 return FAILED;
668 }
669
670 this->logger->log(this->logger, CONTROL|MOST, "Add packet to global send queue");
671 charon->send_queue->add(charon->send_queue, packet);
672
673 if (this->last_requested_message != NULL)
674 {
675 /* destroy message */
676 this->last_requested_message->destroy(this->last_requested_message);
677 }
678
679 this->logger->log(this->logger, CONTROL|MOST, "replace last requested message with new one");
680 this->last_requested_message = message;
681
682 /* message counter can now be increased */
683 this->logger->log(this->logger, CONTROL|MOST, "Increase message counter for outgoing messages");
684 this->message_id_out++;
685 return SUCCESS;
686 }
687
688 /**
689 * Implementation of protected_ike_sa_t.send_response.
690 */
691 static status_t send_response (private_ike_sa_t *this,message_t * message)
692 {
693 packet_t *packet;
694 status_t status;
695
696 if (message->get_message_id(message) != this->message_id_in)
697 {
698 this->logger->log(this->logger, CONTROL|MOST, "Message could not be sent cause id was not as expected");
699 return FAILED;
700 }
701
702 status = message->generate(message, this->crypter_responder,this->signer_responder, &packet);
703 if (status != SUCCESS)
704 {
705 this->logger->log(this->logger, ERROR, "Could not generate packet from message");
706 return FAILED;
707 }
708
709 this->logger->log(this->logger, CONTROL|MOST, "Add packet to global send queue");
710 charon->send_queue->add(charon->send_queue, packet);
711
712 if (this->last_responded_message != NULL)
713 {
714 /* destroy message */
715 this->last_responded_message->destroy(this->last_responded_message);
716 }
717
718 this->logger->log(this->logger, CONTROL|MOST, "replace last responded message with new one");
719 this->last_responded_message = message;
720
721 /* message counter can now be increased */
722 this->logger->log(this->logger, CONTROL|MOST, "Increase message counter for incoming messages");
723 this->message_id_in++;
724
725 return SUCCESS;
726 }
727
728 /**
729 * Implementation of protected_ike_sa_t.destroy.
730 */
731 static void reset_message_buffers (private_ike_sa_t *this)
732 {
733 this->logger->log(this->logger, CONTROL|MOST, "Reset message counters and destroy stored messages");
734 /* destroy stored requested message */
735 if (this->last_requested_message != NULL)
736 {
737 this->last_requested_message->destroy(this->last_requested_message);
738 this->last_requested_message = NULL;
739 }
740
741 /* destroy stored responded messages */
742 if (this->last_responded_message != NULL)
743 {
744 this->last_responded_message->destroy(this->last_responded_message);
745 this->last_responded_message = NULL;
746 }
747
748 this->message_id_out = 0;
749 this->message_id_in = 0;
750 }
751
752 /**
753 * Implementation of protected_ike_sa_t.destroy.
754 */
755 static void destroy (private_ike_sa_t *this)
756 {
757 this->logger->log(this->logger, CONTROL | MORE, "Going to destroy IKE_SA");
758
759 /* destroy child sa's */
760 this->logger->log(this->logger, CONTROL | MOST, "Destroy all child_sa's");
761 while (this->child_sas->get_count(this->child_sas) > 0)
762 {
763 void *child_sa;
764 if (this->child_sas->remove_first(this->child_sas, &child_sa) != SUCCESS)
765 {
766 break;
767 }
768 /* destroy child sa */
769 }
770 this->child_sas->destroy(this->child_sas);
771
772 this->logger->log(this->logger, CONTROL | MOST, "Destroy secrets");
773
774 allocator_free(this->secrets.d_key.ptr);
775 allocator_free(this->secrets.ai_key.ptr);
776 allocator_free(this->secrets.ar_key.ptr);
777 allocator_free(this->secrets.ei_key.ptr);
778 allocator_free(this->secrets.er_key.ptr);
779 allocator_free(this->secrets.pi_key.ptr);
780 allocator_free(this->secrets.pr_key.ptr);
781
782 if (this->crypter_initiator != NULL)
783 {
784 this->crypter_initiator->destroy(this->crypter_initiator);
785 }
786
787 if (this->crypter_responder != NULL)
788 {
789 this->crypter_responder->destroy(this->crypter_responder);
790 }
791
792 if (this->signer_initiator != NULL)
793 {
794 this->signer_initiator->destroy(this->signer_initiator);
795 }
796
797 if (this->signer_responder != NULL)
798 {
799 this->signer_responder->destroy(this->signer_responder);
800 }
801
802 if (this->prf != NULL)
803 {
804 this->prf->destroy(this->prf);
805 }
806
807 /* destroy ike_sa_id */
808 this->ike_sa_id->destroy(this->ike_sa_id);
809
810 /* destroy stored requested message */
811 if (this->last_requested_message != NULL)
812 {
813 this->last_requested_message->destroy(this->last_requested_message);
814 }
815
816 /* destroy stored host_t objects */
817 if (this->me.host != NULL)
818 {
819 this->me.host->destroy(this->me.host);
820 }
821
822 /* destroy stored host_t objects */
823 if (this->other.host != NULL)
824 {
825 this->other.host->destroy(this->other.host);
826 }
827
828
829 /* destroy stored responded messages */
830 if (this->last_responded_message != NULL)
831 {
832 this->last_responded_message->destroy(this->last_responded_message);
833 }
834
835 this->randomizer->destroy(this->randomizer);
836
837 this->logger->log(this->logger, CONTROL | MOST, "Destroy current state object");
838 this->current_state->destroy(this->current_state);
839
840 this->logger->log(this->logger, CONTROL | MOST, "Destroy logger of IKE_SA");
841 charon->logger_manager->destroy_logger(charon->logger_manager, this->logger);
842
843 allocator_free(this);
844 }
845
846 /*
847 * Described in Header
848 */
849 ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
850 {
851 private_ike_sa_t *this = allocator_alloc_thing(private_ike_sa_t);
852
853 /* Public functions */
854 this->protected.public.process_message = (status_t(*)(ike_sa_t*, message_t*)) process_message;
855 this->protected.public.initialize_connection = (status_t(*)(ike_sa_t*, char*)) initialize_connection;
856 this->protected.public.get_id = (ike_sa_id_t*(*)(ike_sa_t*)) get_id;
857 this->protected.public.retransmit_request = (status_t (*) (ike_sa_t *, u_int32_t)) retransmit_request;
858 this->protected.public.destroy = (void(*)(ike_sa_t*))destroy;
859
860 /* protected functions */
861 this->protected.build_message = (void (*) (protected_ike_sa_t *, exchange_type_t , bool , message_t **)) build_message;
862 this->protected.compute_secrets = (void (*) (protected_ike_sa_t *,chunk_t ,chunk_t , chunk_t )) compute_secrets;
863 this->protected.get_logger = (logger_t *(*) (protected_ike_sa_t *)) get_logger;
864 this->protected.set_init_config = (void (*) (protected_ike_sa_t *,init_config_t *)) set_init_config;
865 this->protected.get_init_config = (init_config_t *(*) (protected_ike_sa_t *)) get_init_config;
866 this->protected.set_sa_config = (void (*) (protected_ike_sa_t *,sa_config_t *)) set_sa_config;
867 this->protected.get_sa_config = (sa_config_t *(*) (protected_ike_sa_t *)) get_sa_config;
868 this->protected.get_my_host = (host_t *(*) (protected_ike_sa_t *)) get_my_host;
869 this->protected.get_other_host = (host_t *(*) (protected_ike_sa_t *)) get_other_host;
870 this->protected.set_my_host = (void(*) (protected_ike_sa_t *,host_t *)) set_my_host;
871 this->protected.set_other_host = (void(*) (protected_ike_sa_t *, host_t *)) set_other_host;
872 this->protected.get_randomizer = (randomizer_t *(*) (protected_ike_sa_t *)) get_randomizer;
873 this->protected.send_request = (status_t (*) (protected_ike_sa_t *,message_t *)) send_request;
874 this->protected.send_response = (status_t (*) (protected_ike_sa_t *,message_t *)) send_response;
875 this->protected.create_transforms_from_proposal = (status_t (*) (protected_ike_sa_t *,ike_proposal_t *)) create_transforms_from_proposal;
876 this->protected.set_new_state = (void (*) (protected_ike_sa_t *,state_t *)) set_new_state;
877 this->protected.get_crypter_initiator = (crypter_t *(*) (protected_ike_sa_t *)) get_crypter_initiator;
878 this->protected.get_signer_initiator = (signer_t *(*) (protected_ike_sa_t *)) get_signer_initiator;
879 this->protected.get_crypter_responder = (crypter_t *(*) (protected_ike_sa_t *)) get_crypter_responder;
880 this->protected.get_signer_responder = (signer_t *(*) (protected_ike_sa_t *)) get_signer_responder;
881 this->protected.reset_message_buffers = (void (*) (protected_ike_sa_t *)) reset_message_buffers;
882
883 /* private functions */
884 this->resend_last_reply = resend_last_reply;
885 this->create_delete_job = create_delete_job;
886
887 /* initialize private fields */
888 this->logger = charon->logger_manager->create_logger(charon->logger_manager, IKE_SA, NULL);
889
890 this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
891 this->child_sas = linked_list_create();
892 this->randomizer = randomizer_create();
893
894 this->me.host = NULL;
895 this->other.host = NULL;
896 this->last_requested_message = NULL;
897 this->last_responded_message = NULL;
898 this->message_id_out = 0;
899 this->message_id_in = 0;
900 this->secrets.d_key = CHUNK_INITIALIZER;
901 this->secrets.ai_key = CHUNK_INITIALIZER;
902 this->secrets.ar_key = CHUNK_INITIALIZER;
903 this->secrets.ei_key = CHUNK_INITIALIZER;
904 this->secrets.er_key = CHUNK_INITIALIZER;
905 this->secrets.pi_key = CHUNK_INITIALIZER;
906 this->secrets.pr_key = CHUNK_INITIALIZER;
907 this->crypter_initiator = NULL;
908 this->crypter_responder = NULL;
909 this->signer_initiator = NULL;
910 this->signer_responder = NULL;
911 this->prf = NULL;
912 this->init_config = NULL;
913 this->sa_config = NULL;
914
915 /* at creation time, IKE_SA is in a initiator state */
916 if (ike_sa_id->is_initiator(ike_sa_id))
917 {
918 this->current_state = (state_t *) initiator_init_create(&(this->protected));
919 }
920 else
921 {
922 this->current_state = (state_t *) responder_init_create(&(this->protected));
923 }
924 return &(this->protected.public);
925 }