- new configuration support added to ike_sa and states
[strongswan.git] / Source / charon / sa / states / ike_sa_init_responded.c
1 /**
2 * @file ike_sa_init_responded.c
3 *
4 * @brief State of a IKE_SA after responding to an IKE_SA_INIT request
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #include "ike_sa_init_responded.h"
24
25 #include <daemon.h>
26 #include <utils/allocator.h>
27 #include <encoding/payloads/ts_payload.h>
28 #include <encoding/payloads/sa_payload.h>
29 #include <encoding/payloads/id_payload.h>
30 #include <encoding/payloads/auth_payload.h>
31 #include <transforms/signers/signer.h>
32 #include <transforms/crypters/crypter.h>
33
34
35 typedef struct private_ike_sa_init_responded_t private_ike_sa_init_responded_t;
36
37 /**
38 * Private data of a ike_sa_init_responded_t object.
39 *
40 */
41 struct private_ike_sa_init_responded_t {
42 /**
43 * methods of the state_t interface
44 */
45 ike_sa_init_responded_t public;
46
47 /**
48 * Shared secret from DH-Exchange
49 *
50 * All needed secrets are derived from this shared secret and then passed to the next
51 * state of type ike_sa_established_t
52 */
53 chunk_t shared_secret;
54
55 /**
56 * Sent nonce used to calculate secrets
57 */
58 chunk_t received_nonce;
59
60 /**
61 * Sent nonce used to calculate secrets
62 */
63 chunk_t sent_nonce;
64
65 /**
66 * Assigned IKE_SA
67 */
68 protected_ike_sa_t *ike_sa;
69
70 /**
71 * Logger used to log data
72 *
73 * Is logger of ike_sa!
74 */
75 logger_t *logger;
76 };
77
78 /**
79 * Implements state_t.get_state
80 */
81 static status_t process_message(private_ike_sa_init_responded_t *this, message_t *message)
82 {
83 status_t status;
84 signer_t *signer;
85 crypter_t *crypter;
86 iterator_t *payloads;
87 exchange_type_t exchange_type;
88 id_payload_t *idi_payload, *idr_payload;
89 auth_payload_t *auth_payload;
90 sa_payload_t *sa_payload;
91 ts_payload_t *tsi_payload, *tsr_payload;
92
93 exchange_type = message->get_exchange_type(message);
94 if (exchange_type != IKE_AUTH)
95 {
96 this->logger->log(this->logger, ERROR | MORE, "Message of type %s not supported in state ike_sa_init_responded",
97 mapping_find(exchange_type_m,exchange_type));
98 return FAILED;
99 }
100
101 if (!message->get_request(message))
102 {
103 this->logger->log(this->logger, ERROR | MORE, "Only requests of type IKE_AUTH supported in state ike_sa_init_responded");
104 return FAILED;
105 }
106
107 /* get signer for verification and crypter for decryption */
108 signer = this->ike_sa->get_signer_initiator(this->ike_sa);
109 crypter = this->ike_sa->get_crypter_initiator(this->ike_sa);
110
111 /* parse incoming message */
112 status = message->parse_body(message, crypter, signer);
113 if (status != SUCCESS)
114 {
115 this->logger->log(this->logger, ERROR | MORE, "Could not parse body of request message");
116 return status;
117 }
118
119 /* iterate over incoming payloads. Message is verified, we can be sure there are the required payloads */
120 payloads = message->get_payload_iterator(message);
121 while (payloads->has_next(payloads))
122 {
123 payload_t *payload;
124 payloads->current(payloads, (void**)&payload);
125
126 switch (payload->get_type(payload))
127 {
128 case ID_INITIATOR:
129 {
130 idi_payload = (id_payload_t*)payload;
131 break;
132 }
133 case AUTHENTICATION:
134 {
135 auth_payload = (auth_payload_t*)payload;
136 break;
137 }
138 case ID_RESPONDER:
139 {
140 /* TODO handle idr payloads */
141 break;
142 }
143 case SECURITY_ASSOCIATION:
144 {
145 sa_payload = (sa_payload_t*)payload;
146 break;
147 }
148 case CERTIFICATE:
149 {
150 /* TODO handle cert payloads */
151 break;
152 }
153 case CERTIFICATE_REQUEST:
154 {
155 /* TODO handle certrequest payloads */
156 break;
157 }
158 case TRAFFIC_SELECTOR_INITIATOR:
159 {
160 tsi_payload = (ts_payload_t*)payload;
161 break;
162 }
163 case TRAFFIC_SELECTOR_RESPONDER:
164 {
165 tsr_payload = (ts_payload_t*)payload;
166 break;
167 }
168 default:
169 {
170 /* can't happen, since message is verified */
171 break;
172 }
173 }
174 }
175 /* iterator can be destroyed */
176 payloads->destroy(payloads);
177
178
179 /*
180 * ID Payload
181 */
182 this->logger->log(this->logger, CONTROL|MOST, "type of IDi is %s",
183 mapping_find(id_type_m, idi_payload->get_id_type(idi_payload)));
184 chunk_t data = idi_payload->get_data(idi_payload);
185
186 this->logger->log(this->logger, CONTROL|MOST, "data of IDi is %s",
187 data.ptr);
188
189 // charon->configuration_manager->get_my_default_id(charon->configuration_manager, id
190 //
191 //
192 //
193 //
194 // this->logger->log(this->logger, CONTROL|MOST, "type of AUTH is %s",
195 // mapping_find(auth_method_m, auth_payload->get_auth_method(auth_payload)));
196 //
197 // /* get the list of suggested proposals */
198 // suggested_proposals = sa_payload->create_proposal_substructure_iterator(sa_payload, TRUE);
199 //
200 // /* now let the configuration-manager select a subset of the proposals */
201 // status = charon->configuration_manager->select_proposals_for_host(charon->configuration_manager,
202 // this->ike_sa->get_other_host(this->ike_sa), suggested_proposals, accepted_proposals);
203 //
204
205 // iterator = tsi_payload->create_traffic_selector_substructure_iterator(tsi_payload, TRUE);
206 // while (iterator->has_next(iterator))
207 // {
208 // traffic_selector_substructure_t *ts;
209 // iterator->current(iterator, (void**)ts);
210 // this->logger->log(this->logger, CONTROL|MOST, "type of TSi is %s",
211 // mapping_find(ts_type_m, ts->get_ts_type(ts)));
212 //
213 // }
214 // iterator->destroy(iterator);
215 //
216 // iterator = tsr_payload->create_traffic_selector_substructure_iterator(tsr_payload, TRUE);
217 // while (iterator->has_next(iterator))
218 // {
219 // traffic_selector_substructure_t *ts;
220 // iterator->current(iterator, (void**)ts);
221 // this->logger->log(this->logger, CONTROL|MOST, "type of TSr is %s",
222 // mapping_find(ts_type_m, ts->get_ts_type(ts)));
223 //
224 // }
225 // iterator->destroy(iterator);
226
227
228
229 this->logger->log(this->logger, CONTROL | MORE, "Request successfully handled. Going to create reply.");
230
231 return SUCCESS;
232 }
233
234
235 static status_t build_id_payload(private_ike_sa_init_responded_t *this, id_payload_t *id_payload)
236 {
237 return SUCCESS;
238 }
239
240 /**
241 * Implements state_t.get_state
242 */
243 static ike_sa_state_t get_state(private_ike_sa_init_responded_t *this)
244 {
245 return IKE_SA_INIT_RESPONDED;
246 }
247
248 /**
249 * Implements state_t.get_state
250 */
251 static void destroy(private_ike_sa_init_responded_t *this)
252 {
253 this->logger->log(this->logger, CONTROL | MORE, "Going to destroy ike_sa_init_responded_t state object");
254
255 this->logger->log(this->logger, CONTROL | MOST, "Destroy shared_secret");
256 allocator_free(this->shared_secret.ptr);
257
258 this->logger->log(this->logger, CONTROL | MOST, "Destroy sent nonce");
259 allocator_free(this->sent_nonce.ptr);
260
261 this->logger->log(this->logger, CONTROL | MOST, "Destroy received nonce");
262 allocator_free(this->received_nonce.ptr);
263
264 allocator_free(this);
265 }
266
267 /*
268 * Described in header.
269 */
270
271 ike_sa_init_responded_t *ike_sa_init_responded_create(protected_ike_sa_t *ike_sa, chunk_t shared_secret, chunk_t received_nonce, chunk_t sent_nonce)
272 {
273 private_ike_sa_init_responded_t *this = allocator_alloc_thing(private_ike_sa_init_responded_t);
274
275 /* interface functions */
276 this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *)) process_message;
277 this->public.state_interface.get_state = (ike_sa_state_t (*) (state_t *)) get_state;
278 this->public.state_interface.destroy = (void (*) (state_t *)) destroy;
279
280 /* private data */
281 this->ike_sa = ike_sa;
282 this->logger = this->ike_sa->get_logger(this->ike_sa);
283 this->shared_secret = shared_secret;
284 this->received_nonce = received_nonce;
285 this->sent_nonce = sent_nonce;
286
287 return &(this->public);
288 }