2 * @file responder_init.c
4 * @brief Start state of a IKE_SA as responder
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
23 #include "responder_init.h"
25 #include "../globals.h"
26 #include "../utils/allocator.h"
27 #include "../payloads/sa_payload.h"
28 #include "../payloads/ke_payload.h"
29 #include "../payloads/nonce_payload.h"
30 #include "../transforms/diffie_hellman.h"
33 * Private data of a responder_init_t object.
36 typedef struct private_responder_init_s private_responder_init_t
;
37 struct private_responder_init_s
{
39 * Methods of the state_t interface.
41 responder_init_t
public;
46 protected_ike_sa_t
*ike_sa
;
49 * Diffie Hellman object used to compute shared secret.
51 * After processing of incoming IKE_SA_INIT-Request the shared key is
52 * passed to the next state of type ike_sa_init_responded_t.
54 diffie_hellman_t
*diffie_hellman
;
57 * Diffie Hellman group number.
59 u_int16_t dh_group_number
;
62 * Priority used to get matching dh_group number.
64 u_int16_t dh_group_priority
;
69 * This value is passed to the next state of type ike_sa_init_responded_t.
74 * Received nonce value
76 chunk_t received_nonce
;
79 * Logger used to log data
81 * Is logger of ike_sa!
86 * Proposals used to initiate connection
88 linked_list_t
*proposals
;
91 * Builds the SA payload for this state.
93 * @param this calling object
94 * @param payload The generated SA payload object of type ke_payload_t is
95 * stored at this location.
100 status_t (*build_sa_payload
) (private_responder_init_t
*this, payload_t
**payload
);
103 * Builds the KE payload for this state.
105 * @param this calling object
106 * @param payload The generated KE payload object of type ke_payload_t is
107 * stored at this location.
112 status_t (*build_ke_payload
) (private_responder_init_t
*this, payload_t
**payload
);
114 * Builds the NONCE payload for this state.
116 * @param this calling object
117 * @param payload The generated NONCE payload object of type ke_payload_t is
118 * stored at this location.
123 status_t (*build_nonce_payload
) (private_responder_init_t
*this, payload_t
**payload
);
127 * Implements state_t.get_state
129 static status_t
process_message(private_responder_init_t
*this, message_t
*message
, state_t
**new_state
)
131 linked_list_iterator_t
*payloads
;
132 host_t
*source
, *destination
;
138 /* this is the first message we process, so copy host infos */
139 message
->get_source(message
, &source
);
140 message
->get_destination(message
, &destination
);
142 /* we need to clone them, since we destroy the message later */
143 destination
->clone(destination
, &(this->ike_sa
->me
.host
));
144 source
->clone(source
, &(this->ike_sa
->other
.host
));
146 /* parse incoming message */
147 status
= message
->parse_body(message
);
148 if (status
!= SUCCESS
)
150 this->logger
->log(this->logger
, ERROR
| MORE
, "Could not parse body of request message");
154 /* iterate over incoming payloads. We can be sure, the message contains only accepted payloads! */
155 status
= message
->get_payload_iterator(message
, &payloads
);
156 if (status
!= SUCCESS
)
158 this->logger
->log(this->logger
, ERROR
, "Fatal error: Could not get payload interator");
162 while (payloads
->has_next(payloads
))
166 /* get current payload */
167 payloads
->current(payloads
, (void**)&payload
);
169 this->logger
->log(this->logger
, CONTROL
|MORE
, "Processing payload of type %s", mapping_find(payload_type_m
, payload
->get_type(payload
)));
170 switch (payload
->get_type(payload
))
172 case SECURITY_ASSOCIATION
:
174 sa_payload_t
*sa_payload
= (sa_payload_t
*)payload
;
175 linked_list_iterator_t
*suggested_proposals
, *accepted_proposals
;
177 status
= this->proposals
->create_iterator(this->proposals
, &accepted_proposals
, FALSE
);
178 if (status
!= SUCCESS
)
180 this->logger
->log(this->logger
, ERROR
, "Fatal error: Could not create iterator on list for proposals");
181 payloads
->destroy(payloads
);
185 /* get the list of suggested proposals */
186 status
= sa_payload
->create_proposal_substructure_iterator(sa_payload
, &suggested_proposals
, TRUE
);
187 if (status
!= SUCCESS
)
189 this->logger
->log(this->logger
, ERROR
, "Fatal error: Could not create iterator on suggested proposals");
190 accepted_proposals
->destroy(accepted_proposals
);
191 payloads
->destroy(payloads
);
195 /* now let the configuration-manager select a subset of the proposals */
196 status
= global_configuration_manager
->select_proposals_for_host(global_configuration_manager
,
197 this->ike_sa
->other
.host
, suggested_proposals
, accepted_proposals
);
198 if (status
!= SUCCESS
)
200 this->logger
->log(this->logger
, CONTROL
| MORE
, "No proposal of suggested proposals selected");
201 suggested_proposals
->destroy(suggested_proposals
);
202 accepted_proposals
->destroy(accepted_proposals
);
203 payloads
->destroy(payloads
);
207 /* iterators are not needed anymore */
208 suggested_proposals
->destroy(suggested_proposals
);
209 accepted_proposals
->destroy(accepted_proposals
);
211 this->logger
->log(this->logger
, CONTROL
| MORE
, "SA Payload processed");
212 /* ok, we have what we need for sa_payload (proposals are stored in this->proposals)*/
217 ke_payload_t
*ke_payload
= (ke_payload_t
*)payload
;
218 diffie_hellman_group_t group
;
219 diffie_hellman_t
*dh
;
222 group
= ke_payload
->get_dh_group_number(ke_payload
);
224 status
= global_configuration_manager
->is_dh_group_allowed_for_host(global_configuration_manager
,
225 this->ike_sa
->other
.host
, group
, &allowed_group
);
227 if (status
!= SUCCESS
)
229 this->logger
->log(this->logger
, ERROR
| MORE
, "Could not get informations about DH group");
230 payloads
->destroy(payloads
);
235 /** @todo Send info reply */
238 /* create diffie hellman object to handle DH exchange */
239 dh
= diffie_hellman_create(group
);
242 this->logger
->log(this->logger
, ERROR
, "Could not generate DH object");
243 payloads
->destroy(payloads
);
247 this->logger
->log(this->logger
, CONTROL
| MORE
, "Set other DH public value");
249 status
= dh
->set_other_public_value(dh
, ke_payload
->get_key_exchange_data(ke_payload
));
250 if (status
!= SUCCESS
)
252 this->logger
->log(this->logger
, ERROR
, "Could not set other DH public value");
254 payloads
->destroy(payloads
);
258 this->diffie_hellman
= dh
;
260 this->logger
->log(this->logger
, CONTROL
| MORE
, "KE Payload processed");
265 nonce_payload_t
*nonce_payload
= (nonce_payload_t
*)payload
;
268 this->logger
->log(this->logger
, CONTROL
| MORE
, "Get nonce value and store it");
269 nonce_payload
->get_nonce(nonce_payload
, &nonce
);
270 /** @todo free if there is already one */
271 this->received_nonce
.ptr
= allocator_clone_bytes(nonce
.ptr
, nonce
.len
);
272 this->received_nonce
.len
= nonce
.len
;
273 if (this->received_nonce
.ptr
== NULL
)
275 payloads
->destroy(payloads
);
279 this->logger
->log(this->logger
, CONTROL
| MORE
, "Nonce Payload processed");
284 this->logger
->log(this->logger
, ERROR
| MORE
, "Payload type not supported!");
285 payloads
->destroy(payloads
);
292 /* iterator can be destroyed */
293 payloads
->destroy(payloads
);
295 /********************/
296 diffie_hellman_t
*dh
= this->diffie_hellman
;
297 chunk_t shared_secret
;
299 status
= dh
->get_shared_secret(dh
, &shared_secret
);
300 this->logger
->log_chunk(this->logger
, RAW
, "Shared secret", &shared_secret
);
302 allocator_free_chunk(shared_secret
);
303 /********************/
306 this->logger
->log(this->logger
, CONTROL
| MORE
, "Request successfully handled. Going to create reply.");
308 this->logger
->log(this->logger
, CONTROL
| MOST
, "Going to create nonce.");
309 if (this->ike_sa
->randomizer
->allocate_pseudo_random_bytes(this->ike_sa
->randomizer
, NONCE_SIZE
, &(this->sent_nonce
)) != SUCCESS
)
311 this->logger
->log(this->logger
, ERROR
, "Could not create nonce!");
316 /* set up the reply */
317 status
= this->ike_sa
->build_message(this->ike_sa
, IKE_SA_INIT
, FALSE
, &response
);
318 if (status
!= SUCCESS
)
320 this->logger
->log(this->logger
, ERROR
, "Could not create empty message");
324 /* build SA payload */
325 status
= this->build_sa_payload(this, &payload
);
326 if (status
!= SUCCESS
)
328 this->logger
->log(this->logger
, ERROR
, "Could not build SA payload");
332 this ->logger
->log(this->logger
, CONTROL
|MOST
, "add SA payload to message");
333 status
= response
->add_payload(response
, payload
);
334 if (status
!= SUCCESS
)
336 this->logger
->log(this->logger
, ERROR
, "Could not add SA payload to message");
340 /* build KE payload */
341 status
= this->build_ke_payload(this,&payload
);
342 if (status
!= SUCCESS
)
344 this->logger
->log(this->logger
, ERROR
, "Could not build KE payload");
348 this ->logger
->log(this->logger
, CONTROL
|MOST
, "add KE payload to message");
349 status
= response
->add_payload(response
, payload
);
350 if (status
!= SUCCESS
)
352 this->logger
->log(this->logger
, ERROR
, "Could not add KE payload to message");
356 /* build Nonce payload */
357 status
= this->build_nonce_payload(this, &payload
);
358 if (status
!= SUCCESS
)
360 this->logger
->log(this->logger
, ERROR
, "Could not build NONCE payload");
364 this ->logger
->log(this->logger
, CONTROL
|MOST
, "add nonce payload to message");
365 status
= response
->add_payload(response
, payload
);
366 if (status
!= SUCCESS
)
368 this->logger
->log(this->logger
, ERROR
, "Could not add nonce payload to message");
372 /* generate packet */
373 this ->logger
->log(this->logger
, CONTROL
|MOST
, "generate packet from message");
374 status
= response
->generate(response
, &packet
);
375 if (status
!= SUCCESS
)
377 this->logger
->log(this->logger
, ERROR
, "Fatal error: could not generate packet from message");
381 this ->logger
->log(this->logger
, CONTROL
|MOST
, "Add packet to global send queue");
382 status
= global_send_queue
->add(global_send_queue
, packet
);
383 if (status
!= SUCCESS
)
385 this->logger
->log(this->logger
, ERROR
, "Could not add packet to send queue");
389 if ( this->ike_sa
->last_responded_message
!= NULL
)
391 /* destroy message */
392 this ->logger
->log(this->logger
, CONTROL
|MOST
, "Destroy stored last responded message");
393 this->ike_sa
->last_responded_message
->destroy(this->ike_sa
->last_responded_message
);
396 this->ike_sa
->last_responded_message
= response
;
398 /* state has NOW changed :-) */
399 // this ->logger->log(this->logger, CONTROL|MORE, "Change state of IKE_SA from %s to %s",mapping_find(ike_sa_state_m,this->state),mapping_find(ike_sa_state_m,IKE_SA_INIT_REQUESTED) );
401 *new_state
= &(this->public.state_interface
);
407 * implements private_initiator_init_t.build_sa_payload
409 static status_t
build_sa_payload(private_responder_init_t
*this, payload_t
**payload
)
411 sa_payload_t
* sa_payload
;
412 linked_list_iterator_t
*proposal_iterator
;
416 /* SA payload takes proposals from this->ike_sa_init_data.proposals and writes them to the created sa_payload */
418 this->logger
->log(this->logger
, CONTROL
|MORE
, "building sa payload");
420 status
= this->proposals
->create_iterator(this->proposals
, &proposal_iterator
, FALSE
);
421 if (status
!= SUCCESS
)
423 this->logger
->log(this->logger
, ERROR
, "Fatal error: Could not create iterator on list for proposals");
427 sa_payload
= sa_payload_create();
428 if (sa_payload
== NULL
)
430 this->logger
->log(this->logger
, ERROR
, "Fatal error: Could not create SA payload object");
434 while (proposal_iterator
->has_next(proposal_iterator
))
436 proposal_substructure_t
*current_proposal
;
437 proposal_substructure_t
*current_proposal_clone
;
438 status
= proposal_iterator
->current(proposal_iterator
,(void **) ¤t_proposal
);
439 if (status
!= SUCCESS
)
441 this->logger
->log(this->logger
, ERROR
, "Could not get current proposal needed to copy");
442 proposal_iterator
->destroy(proposal_iterator
);
443 sa_payload
->destroy(sa_payload
);
446 status
= current_proposal
->clone(current_proposal
,¤t_proposal_clone
);
447 if (status
!= SUCCESS
)
449 this->logger
->log(this->logger
, ERROR
, "Could not clone current proposal");
450 proposal_iterator
->destroy(proposal_iterator
);
451 sa_payload
->destroy(sa_payload
);
455 status
= sa_payload
->add_proposal_substructure(sa_payload
,current_proposal_clone
);
456 if (status
!= SUCCESS
)
458 this->logger
->log(this->logger
, ERROR
, "Could not add cloned proposal to SA payload");
459 proposal_iterator
->destroy(proposal_iterator
);
460 sa_payload
->destroy(sa_payload
);
466 proposal_iterator
->destroy(proposal_iterator
);
468 this->logger
->log(this->logger
, CONTROL
|MORE
, "sa payload builded");
470 *payload
= (payload_t
*) sa_payload
;
476 * implements private_initiator_init_t.build_ke_payload
478 static status_t
build_ke_payload(private_responder_init_t
*this, payload_t
**payload
)
480 ke_payload_t
*ke_payload
;
484 this->logger
->log(this->logger
, CONTROL
|MORE
, "building ke payload");
487 this ->logger
->log(this->logger
, CONTROL
|MORE
, "get public dh value to send in ke payload");
488 status
= this->diffie_hellman
->get_my_public_value(this->diffie_hellman
,&key_data
);
489 if (status
!= SUCCESS
)
491 this->logger
->log(this->logger
, ERROR
, "Could not get my DH public value");
495 ke_payload
= ke_payload_create();
496 if (ke_payload
== NULL
)
498 this->logger
->log(this->logger
, ERROR
, "Could not create KE payload");
499 allocator_free_chunk(key_data
);
502 ke_payload
->set_dh_group_number(ke_payload
, MODP_1024_BIT
);
503 if (ke_payload
->set_key_exchange_data(ke_payload
, key_data
) != SUCCESS
)
505 this->logger
->log(this->logger
, ERROR
, "Could not set key exchange data of KE payload");
506 ke_payload
->destroy(ke_payload
);
507 allocator_free_chunk(key_data
);
510 allocator_free_chunk(key_data
);
512 *payload
= (payload_t
*) ke_payload
;
517 * implements private_initiator_init_t.build_nonce_payload
519 static status_t
build_nonce_payload(private_responder_init_t
*this, payload_t
**payload
)
521 nonce_payload_t
*nonce_payload
;
524 this->logger
->log(this->logger
, CONTROL
|MORE
, "building nonce payload");
526 nonce_payload
= nonce_payload_create();
527 if (nonce_payload
== NULL
)
529 this->logger
->log(this->logger
, ERROR
, "Fatal error: could not create nonce payload object");
533 status
= nonce_payload
->set_nonce(nonce_payload
, this->sent_nonce
);
535 if (status
!= SUCCESS
)
537 this->logger
->log(this->logger
, ERROR
, "Fatal error: could not set nonce data of payload");
538 nonce_payload
->destroy(nonce_payload
);
542 *payload
= (payload_t
*) nonce_payload
;
549 * Implements state_t.get_state
551 static ike_sa_state_t
get_state(private_responder_init_t
*this)
553 return RESPONDER_INIT
;
557 * Implements state_t.get_state
559 static status_t
destroy(private_responder_init_t
*this)
561 this->logger
->log(this->logger
, CONTROL
| MORE
, "Going to destroy responder init state object");
563 /* destroy stored proposal */
564 this->logger
->log(this->logger
, CONTROL
| MOST
, "Destroy stored proposals");
565 while (this->proposals
->get_count(this->proposals
) > 0)
567 proposal_substructure_t
*current_proposal
;
568 this->proposals
->remove_first(this->proposals
,(void **)¤t_proposal
);
569 current_proposal
->destroy(current_proposal
);
571 this->proposals
->destroy(this->proposals
);
573 if (this->sent_nonce
.ptr
!= NULL
)
575 this->logger
->log(this->logger
, CONTROL
| MOST
, "Destroy sent nonce");
576 allocator_free(this->sent_nonce
.ptr
);
579 if (this->received_nonce
.ptr
!= NULL
)
581 this->logger
->log(this->logger
, CONTROL
| MOST
, "Destroy received nonce");
582 allocator_free(this->received_nonce
.ptr
);
585 /* destroy diffie hellman object */
586 if (this->diffie_hellman
!= NULL
)
588 this->logger
->log(this->logger
, CONTROL
| MOST
, "Destroy diffie_hellman_t object");
589 this->diffie_hellman
->destroy(this->diffie_hellman
);
592 allocator_free(this);
599 * Described in header.
601 responder_init_t
*responder_init_create(protected_ike_sa_t
*ike_sa
)
603 private_responder_init_t
*this = allocator_alloc_thing(private_responder_init_t
);
610 /* interface functions */
611 this->public.state_interface
.process_message
= (status_t (*) (state_t
*,message_t
*,state_t
**)) process_message
;
612 this->public.state_interface
.get_state
= (ike_sa_state_t (*) (state_t
*)) get_state
;
613 this->public.state_interface
.destroy
= (status_t (*) (state_t
*)) destroy
;
615 /* private functions */
616 this->build_sa_payload
= build_sa_payload
;
617 this->build_ke_payload
= build_ke_payload
;
618 this->build_nonce_payload
= build_nonce_payload
;
621 this->ike_sa
= ike_sa
;
622 this->logger
= this->ike_sa
->logger
;
623 this->sent_nonce
.ptr
= NULL
;
624 this->sent_nonce
.len
= 0;
625 this->received_nonce
.ptr
= NULL
;
626 this->received_nonce
.len
= 0;
627 this->proposals
= linked_list_create();
628 if (this->proposals
== NULL
)
630 allocator_free(this);
634 return &(this->public);
projects / strongswan.git / blob