2 * @file initiator_init.c
4 * @brief Start state of a IKE_SA as initiator
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
23 #include "initiator_init.h"
27 #include <sa/states/state.h>
28 #include <sa/states/ike_sa_init_requested.h>
29 #include <utils/allocator.h>
30 #include <transforms/diffie_hellman.h>
31 #include <encoding/payloads/sa_payload.h>
32 #include <encoding/payloads/ke_payload.h>
33 #include <encoding/payloads/nonce_payload.h>
37 * Private data of a initiator_init_t object.
40 typedef struct private_initiator_init_s private_initiator_init_t
;
41 struct private_initiator_init_s
{
43 * Methods of the state_t interface.
45 initiator_init_t
public;
50 protected_ike_sa_t
*ike_sa
;
53 * Diffie hellman object used to generate public DH value.
54 * This objet is passed to the next state of type ike_sa_init_requested_t.
56 diffie_hellman_t
*diffie_hellman
;
61 u_int16_t dh_group_number
;
64 * DH group priority used to get dh_group_number from configuration manager.
65 * This priority is passed to the next state of type ike_sa_init_requested_t.
67 u_int16_t dh_group_priority
;
71 * This nonce is passed to the next state of type ike_sa_init_requested_t.
76 * Proposals used to initiate connection.
79 linked_list_t
*proposals
;
82 * Logger used to log :-)
84 * Is logger of ike_sa!
89 * Builds the IKE_SA_INIT request message.
91 * @param this calling object
92 * @param message the created message will be stored at this location
97 status_t (*build_ike_sa_init_request
) (private_initiator_init_t
*this, message_t
**message
);
100 * Builds the SA payload for this state.
102 * @param this calling object
103 * @param payload The generated SA payload object of type ke_payload_t is
104 * stored at this location.
109 status_t (*build_sa_payload
) (private_initiator_init_t
*this, payload_t
**payload
);
112 * Builds the KE payload for this state.
114 * @param this calling object
115 * @param payload The generated KE payload object of type ke_payload_t is
116 * stored at this location.
121 status_t (*build_ke_payload
) (private_initiator_init_t
*this, payload_t
**payload
);
123 * Builds the NONCE payload for this state.
125 * @param this calling object
126 * @param payload The generated NONCE payload object of type ke_payload_t is
127 * stored at this location.
132 status_t (*build_nonce_payload
) (private_initiator_init_t
*this, payload_t
**payload
);
135 * Destroy function called internally of this class after state change succeeded.
137 * This destroy function does not destroy objects which were passed to the new state.
139 * @param this calling object
140 * @return SUCCESS in any case
142 status_t (*destroy_after_state_change
) (private_initiator_init_t
*this);
146 * Implements function initiator_init_t.initiate_connection.
148 static status_t
initiate_connection (private_initiator_init_t
*this, char *name
, state_t
**new_state
)
150 linked_list_iterator_t
*proposal_iterator
;
151 ike_sa_init_requested_t
*next_state
;
156 this->logger
->log(this->logger
, CONTROL
, "Initializing connection %s",name
);
158 status
= global_configuration_manager
->get_local_host(global_configuration_manager
, name
, &(this->ike_sa
->me
.host
));
159 if (status
!= SUCCESS
)
161 this->logger
->log(this->logger
, ERROR
| MORE
, "Could not retrieve local host configuration information for %s",name
);
165 status
= global_configuration_manager
->get_remote_host(global_configuration_manager
, name
, &(this->ike_sa
->other
.host
));
166 if (status
!= SUCCESS
)
168 this->logger
->log(this->logger
, ERROR
| MORE
, "Could not retrieve remote host configuration information for %s",name
);
172 status
= global_configuration_manager
->get_dh_group_number(global_configuration_manager
, name
, &(this->dh_group_number
), this->dh_group_priority
);
173 if (status
!= SUCCESS
)
175 this->logger
->log(this->logger
, ERROR
| MORE
, "Could not retrieve DH group number configuration for %s",name
);
179 status
= this->proposals
->create_iterator(this->proposals
, &proposal_iterator
, FALSE
);
180 if (status
!= SUCCESS
)
182 this->logger
->log(this->logger
, ERROR
, "Fatal error: Could not create iterator on list for proposals");
186 status
= global_configuration_manager
->get_proposals_for_host(global_configuration_manager
, this->ike_sa
->other
.host
, proposal_iterator
);
187 /* not needed anymore */
188 proposal_iterator
->destroy(proposal_iterator
);
189 if (status
!= SUCCESS
)
191 this->logger
->log(this->logger
, ERROR
| MORE
, "Could not retrieve Proposals for %s",name
);
195 /* a diffie hellman object could allready exist caused by an failed initiate_connection call */
196 if (this->diffie_hellman
== NULL
)
198 this ->logger
->log(this->logger
, CONTROL
|MOST
, "create diffie hellman object");
199 this->diffie_hellman
= diffie_hellman_create(this->dh_group_number
);
202 if (this->diffie_hellman
== NULL
)
204 this->logger
->log(this->logger
, ERROR
, "Object of type diffie_hellman_t could not be created!");
208 if (this->sent_nonce
.ptr
!= NULL
)
210 this->logger
->log(this->logger
, ERROR
, "Free existing sent nonce!");
211 allocator_free(this->sent_nonce
.ptr
);
212 this->sent_nonce
= CHUNK_INITIALIZER
;
215 this ->logger
->log(this->logger
, CONTROL
|MOST
, "Get pseudo random bytes for nonce");
216 if (this->ike_sa
->randomizer
->allocate_pseudo_random_bytes(this->ike_sa
->randomizer
, NONCE_SIZE
, &(this->sent_nonce
)) != SUCCESS
)
218 this->logger
->log(this->logger
, ERROR
, "Could not create nonce!");
221 this ->logger
->log(this->logger
, RAW
|MOST
, "Nonce",&(this->sent_nonce
));
225 status
= this->build_ike_sa_init_request (this,&message
);
226 if (status
!= SUCCESS
)
228 this->logger
->log(this->logger
, ERROR
, "Fatal error: could not build IKE_SA_INIT request message");
232 /* generate packet */
233 this ->logger
->log(this->logger
, CONTROL
|MOST
, "generate packet from message");
234 status
= message
->generate(message
, &packet
);
235 if (status
!= SUCCESS
)
237 this->logger
->log(this->logger
, ERROR
, "Fatal error: could not generate packet from message");
238 message
->destroy(message
);
242 this ->logger
->log(this->logger
, CONTROL
|MOST
, "Add packet to global send queue");
243 status
= global_send_queue
->add(global_send_queue
, packet
);
244 if (status
!= SUCCESS
)
246 this->logger
->log(this->logger
, ERROR
, "Could not add packet to send queue");
247 packet
->destroy(packet
);
248 message
->destroy(message
);
252 /* state can now be changed */
253 this ->logger
->log(this->logger
, CONTROL
|MOST
, "Create next state object");
254 next_state
= ike_sa_init_requested_create(this->ike_sa
, this->dh_group_number
, this->diffie_hellman
, this->sent_nonce
);
256 if (next_state
== NULL
)
258 this ->logger
->log(this->logger
, ERROR
, "Fatal error: could not create next state object of type ike_sa_init_requested_t");
262 if ( this->ike_sa
->last_requested_message
!= NULL
)
264 /* destroy message */
265 this ->logger
->log(this->logger
, CONTROL
|MOST
, "Destroy stored last requested message");
266 this->ike_sa
->last_requested_message
->destroy(this->ike_sa
->last_requested_message
);
269 /* message is set after state create */
270 this ->logger
->log(this->logger
, CONTROL
|MOST
, "replace last requested message with current one");
271 this->ike_sa
->last_requested_message
= message
;
273 /* message counter can now be increased */
274 this ->logger
->log(this->logger
, CONTROL
|MOST
, "Increate message counter for outgoing messages");
275 this->ike_sa
->message_id_out
++;
277 *new_state
= (state_t
*) next_state
;
278 /* state has NOW changed :-) */
279 this ->logger
->log(this->logger
, CONTROL
|MORE
, "Changed state of IKE_SA from %s to %s",mapping_find(ike_sa_state_m
,INITIATOR_INIT
),mapping_find(ike_sa_state_m
,IKE_SA_INIT_REQUESTED
) );
281 this ->logger
->log(this->logger
, CONTROL
|MOST
, "Destroy old sate object");
282 this->destroy_after_state_change(this);
288 * implements private_initiator_init_t.build_ike_sa_init_request
290 static status_t
build_ike_sa_init_request (private_initiator_init_t
*this, message_t
**request
)
296 /* going to build message */
297 this ->logger
->log(this->logger
, CONTROL
|MOST
, "Going to build message");
298 status
= this->ike_sa
->build_message(this->ike_sa
, IKE_SA_INIT
, TRUE
, &message
);
299 if (status
!= SUCCESS
)
301 this->logger
->log(this->logger
, ERROR
, "Could not build empty message");
305 /* build SA payload */
306 status
= this->build_sa_payload(this, &payload
);
307 if (status
!= SUCCESS
)
309 this->logger
->log(this->logger
, ERROR
, "Could not build SA payload");
310 message
->destroy(message
);
314 this ->logger
->log(this->logger
, CONTROL
|MOST
, "add SA payload to message");
315 status
= message
->add_payload(message
, payload
);
316 if (status
!= SUCCESS
)
318 this->logger
->log(this->logger
, ERROR
, "Could not add SA payload to message");
319 payload
->destroy(payload
);
320 message
->destroy(message
);
324 /* build KE payload */
325 status
= this->build_ke_payload(this, &payload
);
326 if (status
!= SUCCESS
)
328 this->logger
->log(this->logger
, ERROR
, "Could not build KE payload");
329 message
->destroy(message
);
333 this ->logger
->log(this->logger
, CONTROL
|MOST
, "add KE payload to message");
334 status
= message
->add_payload(message
, payload
);
335 if (status
!= SUCCESS
)
337 this->logger
->log(this->logger
, ERROR
, "Could not add KE payload to message");
338 payload
->destroy(payload
);
339 message
->destroy(message
);
343 /* build Nonce payload */
344 status
= this->build_nonce_payload(this, &payload
);
345 if (status
!= SUCCESS
)
347 this->logger
->log(this->logger
, ERROR
, "Could not build NONCE payload");
348 message
->destroy(message
);
352 this ->logger
->log(this->logger
, CONTROL
|MOST
, "add nonce payload to message");
353 status
= message
->add_payload(message
, payload
);
354 if (status
!= SUCCESS
)
356 this->logger
->log(this->logger
, ERROR
, "Could not add nonce payload to message");
357 payload
->destroy(payload
);
358 message
->destroy(message
);
367 * implements private_initiator_init_t.build_sa_payload
369 static status_t
build_sa_payload(private_initiator_init_t
*this, payload_t
**payload
)
371 sa_payload_t
* sa_payload
;
372 linked_list_iterator_t
*proposal_iterator
;
375 /* SA payload takes proposals from this->ike_sa_init_data.proposals and writes them to the created sa_payload */
377 this->logger
->log(this->logger
, CONTROL
|MORE
, "building sa payload");
378 status
= this->proposals
->create_iterator(this->proposals
, &proposal_iterator
, FALSE
);
379 if (status
!= SUCCESS
)
381 this->logger
->log(this->logger
, ERROR
, "Fatal error: Could not create iterator on list for proposals");
385 sa_payload
= sa_payload_create();
386 if (sa_payload
== NULL
)
388 this->logger
->log(this->logger
, ERROR
, "Fatal error: Could not create SA payload object");
392 while (proposal_iterator
->has_next(proposal_iterator
))
394 proposal_substructure_t
*current_proposal
;
395 proposal_substructure_t
*current_proposal_clone
;
396 status
= proposal_iterator
->current(proposal_iterator
,(void **) ¤t_proposal
);
397 if (status
!= SUCCESS
)
399 this->logger
->log(this->logger
, ERROR
, "Could not get current proposal needed to copy");
400 proposal_iterator
->destroy(proposal_iterator
);
401 sa_payload
->destroy(sa_payload
);
404 status
= current_proposal
->clone(current_proposal
,¤t_proposal_clone
);
405 if (status
!= SUCCESS
)
407 this->logger
->log(this->logger
, ERROR
, "Could not clone current proposal");
408 proposal_iterator
->destroy(proposal_iterator
);
409 sa_payload
->destroy(sa_payload
);
413 status
= sa_payload
->add_proposal_substructure(sa_payload
,current_proposal_clone
);
414 if (status
!= SUCCESS
)
416 this->logger
->log(this->logger
, ERROR
, "Could not add cloned proposal to SA payload");
417 proposal_iterator
->destroy(proposal_iterator
);
418 sa_payload
->destroy(sa_payload
);
423 proposal_iterator
->destroy(proposal_iterator
);
425 this->logger
->log(this->logger
, CONTROL
|MORE
, "sa payload builded");
427 *payload
= (payload_t
*) sa_payload
;
432 * implements private_initiator_init_t.build_ke_payload
434 static status_t
build_ke_payload(private_initiator_init_t
*this, payload_t
**payload
)
436 ke_payload_t
*ke_payload
;
440 this->logger
->log(this->logger
, CONTROL
|MORE
, "building ke payload");
443 this ->logger
->log(this->logger
, CONTROL
|MORE
, "get public dh value to send in ke payload");
444 status
= this->diffie_hellman
->get_my_public_value(this->diffie_hellman
,&key_data
);
445 if (status
!= SUCCESS
)
447 this->logger
->log(this->logger
, ERROR
, "Could not get my DH public value");
451 ke_payload
= ke_payload_create();
452 if (ke_payload
== NULL
)
454 this->logger
->log(this->logger
, ERROR
, "Could not create KE payload");
455 allocator_free_chunk(key_data
);
458 ke_payload
->set_dh_group_number(ke_payload
, this->dh_group_number
);
459 if (ke_payload
->set_key_exchange_data(ke_payload
, key_data
) != SUCCESS
)
461 this->logger
->log(this->logger
, ERROR
, "Could not set key exchange data of KE payload");
462 ke_payload
->destroy(ke_payload
);
463 allocator_free_chunk(key_data
);
466 allocator_free_chunk(key_data
);
468 this->logger
->log(this->logger
, CONTROL
|MORE
, "ke payload builded");
470 *payload
= (payload_t
*) ke_payload
;
475 * implements private_initiator_init_t.build_nonce_payload
477 static status_t
build_nonce_payload(private_initiator_init_t
*this, payload_t
**payload
)
479 nonce_payload_t
*nonce_payload
;
482 this->logger
->log(this->logger
, CONTROL
|MORE
, "building nonce payload");
484 nonce_payload
= nonce_payload_create();
485 if (nonce_payload
== NULL
)
487 this->logger
->log(this->logger
, ERROR
, "Fatal error: could not create nonce payload object");
491 status
= nonce_payload
->set_nonce(nonce_payload
, this->sent_nonce
);
493 if (status
!= SUCCESS
)
495 this->logger
->log(this->logger
, ERROR
, "Fatal error: could not set nonce data of payload");
496 nonce_payload
->destroy(nonce_payload
);
500 *payload
= (payload_t
*) nonce_payload
;
502 this->logger
->log(this->logger
, CONTROL
|MORE
, "nonce payload builded");
508 * Implements state_t.get_state
510 static status_t
process_message(private_initiator_init_t
*this, message_t
*message
, state_t
**new_state
)
512 *new_state
= (state_t
*) this;
513 this->logger
->log(this->logger
, ERROR
|MORE
, "In state INITIATOR_INIT no message is processed");
518 * Implements state_t.get_state
520 static ike_sa_state_t
get_state(private_initiator_init_t
*this)
522 return INITIATOR_INIT
;
526 * Implements state_t.get_state
528 static status_t
destroy(private_initiator_init_t
*this)
530 this->logger
->log(this->logger
, CONTROL
| MORE
, "Going to destroy initiator_init_t state object");
532 /* destroy stored proposal */
533 this->logger
->log(this->logger
, CONTROL
| MOST
, "Destroy stored proposals");
534 while (this->proposals
->get_count(this->proposals
) > 0)
536 proposal_substructure_t
*current_proposal
;
537 this->proposals
->remove_first(this->proposals
,(void **)¤t_proposal
);
538 current_proposal
->destroy(current_proposal
);
540 this->proposals
->destroy(this->proposals
);
542 /* destroy diffie hellman object */
543 if (this->diffie_hellman
!= NULL
)
545 this->logger
->log(this->logger
, CONTROL
| MOST
, "Destroy diffie_hellman_t object");
546 this->diffie_hellman
->destroy(this->diffie_hellman
);
548 if (this->sent_nonce
.ptr
!= NULL
)
550 this->logger
->log(this->logger
, CONTROL
| MOST
, "Free memory of sent nonce");
551 allocator_free(this->sent_nonce
.ptr
);
554 allocator_free(this);
559 * Implements private_initiator_init_t.destroy_after_state_change
561 static status_t
destroy_after_state_change (private_initiator_init_t
*this)
563 this->logger
->log(this->logger
, CONTROL
| MORE
, "Going to destroy initiator_init_t state object");
565 /* destroy stored proposal */
566 this->logger
->log(this->logger
, CONTROL
| MOST
, "Destroy stored proposals");
567 while (this->proposals
->get_count(this->proposals
) > 0)
569 proposal_substructure_t
*current_proposal
;
570 this->proposals
->remove_first(this->proposals
,(void **)¤t_proposal
);
571 current_proposal
->destroy(current_proposal
);
573 this->proposals
->destroy(this->proposals
);
574 allocator_free(this);
579 * Described in header.
581 initiator_init_t
*initiator_init_create(protected_ike_sa_t
*ike_sa
)
583 private_initiator_init_t
*this = allocator_alloc_thing(private_initiator_init_t
);
590 /* interface functions */
591 this->public.state_interface
.process_message
= (status_t (*) (state_t
*,message_t
*,state_t
**)) process_message
;
592 this->public.state_interface
.get_state
= (ike_sa_state_t (*) (state_t
*)) get_state
;
593 this->public.state_interface
.destroy
= (status_t (*) (state_t
*)) destroy
;
595 /* public functions */
596 this->public.initiate_connection
= (status_t (*)(initiator_init_t
*, char *, state_t
**)) initiate_connection
;
598 /* private functions */
599 this->destroy_after_state_change
= destroy_after_state_change
;
600 this->build_ike_sa_init_request
= build_ike_sa_init_request
;
601 this->build_nonce_payload
= build_nonce_payload
;
602 this->build_sa_payload
= build_sa_payload
;
603 this->build_ke_payload
= build_ke_payload
;
606 this->ike_sa
= ike_sa
;
607 this->dh_group_priority
= 1;
608 this->logger
= this->ike_sa
->logger
;
609 this->proposals
= linked_list_create();
610 this->sent_nonce
= CHUNK_INITIALIZER
;
611 if (this->proposals
== NULL
)
613 allocator_free(this);
617 return &(this->public);
projects / strongswan.git / blob