moved interface enumeration code to socket, where it belongs
[strongswan.git] / src / charon / sa / ike_sa.c
1 /**
2 * @file ike_sa.c
3 *
4 * @brief Implementation of ike_sa_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
10 * Copyright (C) 2005-2006 Martin Willi
11 * Copyright (C) 2005 Jan Hutter
12 * Hochschule fuer Technik Rapperswil
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 */
24
25 #include <sys/time.h>
26 #include <string.h>
27
28 #include "ike_sa.h"
29
30 #include <types.h>
31 #include <daemon.h>
32 #include <definitions.h>
33 #include <utils/linked_list.h>
34 #include <utils/logger_manager.h>
35 #include <crypto/diffie_hellman.h>
36 #include <crypto/prf_plus.h>
37 #include <crypto/crypters/crypter.h>
38 #include <crypto/hashers/hasher.h>
39 #include <encoding/payloads/sa_payload.h>
40 #include <encoding/payloads/nonce_payload.h>
41 #include <encoding/payloads/ke_payload.h>
42 #include <encoding/payloads/delete_payload.h>
43 #include <encoding/payloads/transform_substructure.h>
44 #include <encoding/payloads/transform_attribute.h>
45 #include <encoding/payloads/ts_payload.h>
46 #include <sa/transactions/transaction.h>
47 #include <sa/transactions/ike_sa_init.h>
48 #include <sa/transactions/delete_ike_sa.h>
49 #include <sa/transactions/create_child_sa.h>
50 #include <sa/transactions/delete_child_sa.h>
51 #include <sa/transactions/dead_peer_detection.h>
52 #include <sa/transactions/rekey_ike_sa.h>
53 #include <queues/jobs/retransmit_request_job.h>
54 #include <queues/jobs/delete_established_ike_sa_job.h>
55 #include <queues/jobs/delete_half_open_ike_sa_job.h>
56 #include <queues/jobs/send_dpd_job.h>
57 #include <queues/jobs/send_keepalive_job.h>
58 #include <queues/jobs/rekey_ike_sa_job.h>
59
60 /**
61 * String mappings for ike_sa_state_t.
62 */
63 mapping_t ike_sa_state_m[] = {
64 {IKE_CREATED, "CREATED"},
65 {IKE_CONNECTING, "CONNECTING"},
66 {IKE_ESTABLISHED, "ESTABLISHED"},
67 {IKE_REKEYING, "REKEYING"},
68 {IKE_DELETING, "DELETING"},
69 {MAPPING_END, NULL}
70 };
71
72
73 typedef struct private_ike_sa_t private_ike_sa_t;
74
75 /**
76 * Private data of an ike_sa_t object.
77 */
78 struct private_ike_sa_t {
79
80 /**
81 * Public members
82 */
83 ike_sa_t public;
84
85 /**
86 * Identifier for the current IKE_SA.
87 */
88 ike_sa_id_t *ike_sa_id;
89
90 /**
91 * Current state of the IKE_SA
92 */
93 ike_sa_state_t state;
94
95 /**
96 * Name of the connection used by this IKE_SA
97 */
98 char *name;
99
100 /**
101 * Address of local host
102 */
103 host_t *my_host;
104
105 /**
106 * Address of remote host
107 */
108 host_t *other_host;
109
110 /**
111 * Identification used for us
112 */
113 identification_t *my_id;
114
115 /**
116 * Identification used for other
117 */
118 identification_t *other_id;
119
120 /**
121 * Linked List containing the child sa's of the current IKE_SA.
122 */
123 linked_list_t *child_sas;
124
125 /**
126 * crypter for inbound traffic
127 */
128 crypter_t *crypter_in;
129
130 /**
131 * crypter for outbound traffic
132 */
133 crypter_t *crypter_out;
134
135 /**
136 * Signer for inbound traffic
137 */
138 signer_t *signer_in;
139
140 /**
141 * Signer for outbound traffic
142 */
143 signer_t *signer_out;
144
145 /**
146 * Multi purpose prf, set key, use it, forget it
147 */
148 prf_t *prf;
149
150 /**
151 * Prf function for derivating keymat child SAs
152 */
153 prf_t *child_prf;
154
155 /**
156 * PRF, with key set to pi_key, used for authentication
157 */
158 prf_t *prf_auth_i;
159
160 /**
161 * PRF, with key set to pr_key, used for authentication
162 */
163 prf_t *prf_auth_r;
164
165 /**
166 * A logger for this IKE_SA.
167 */
168 logger_t *logger;
169
170 /**
171 * NAT hasher.
172 */
173 hasher_t *nat_hasher;
174
175 /**
176 * NAT status of local host.
177 */
178 bool nat_here;
179
180 /**
181 * NAT status of remote host.
182 */
183 bool nat_there;
184
185 /**
186 * message ID for next outgoung request
187 */
188 u_int32_t message_id_out;
189
190 /**
191 * Timestamps for this IKE_SA
192 */
193 struct {
194 /** last IKE message received */
195 u_int32_t inbound;
196 /** last IKE message sent */
197 u_int32_t outbound;
198 /** when IKE_SA became established */
199 u_int32_t established;
200 /** when IKE_SA gets rekeyed */
201 u_int32_t rekey;
202 /** when IKE_SA gets deleted */
203 u_int32_t delete;
204 } time;
205
206 /**
207 * List of queued transactions to process
208 */
209 linked_list_t *transaction_queue;
210
211 /**
212 * Transaction currently initiated
213 * (only one supported yet, window size = 1)
214 */
215 transaction_t *transaction_out;
216
217 /**
218 * last transaction initiated by peer processed.
219 * (only one supported yet, window size = 1)
220 * Stored for retransmission.
221 */
222 transaction_t *transaction_in;
223
224 /**
225 * Next incoming transaction expected. Used to
226 * do multi transaction operations.
227 */
228 transaction_t *transaction_in_next;
229
230 /**
231 * Transaction which rekeys this IKE_SA, used do detect simultaneus rekeying
232 */
233 rekey_ike_sa_t *rekeying_transaction;
234 };
235
236 /**
237 * get the time of the latest traffic processed by the kernel
238 */
239 static time_t get_kernel_time(private_ike_sa_t* this, bool inbound)
240 {
241 iterator_t *iterator;
242 child_sa_t *child_sa;
243 time_t latest = 0, use_time;
244
245 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
246 while (iterator->iterate(iterator, (void**)&child_sa))
247 {
248 if (child_sa->get_use_time(child_sa, inbound, &use_time) == SUCCESS)
249 {
250 latest = max(latest, use_time);
251 }
252 }
253 iterator->destroy(iterator);
254
255 return latest;
256 }
257
258 /**
259 * get the time of the latest received traffice
260 */
261 static time_t get_time_inbound(private_ike_sa_t *this)
262 {
263 return max(this->time.inbound, get_kernel_time(this, TRUE));
264 }
265
266 /**
267 * get the time of the latest sent traffic
268 */
269 static time_t get_time_outbound(private_ike_sa_t *this)
270 {
271 return max(this->time.outbound, get_kernel_time(this, FALSE));
272 }
273
274 /**
275 * Implementation of ike_sa_t.get_name.
276 */
277 static char *get_name(private_ike_sa_t *this)
278 {
279 return this->name;
280 }
281
282 /**
283 * Implementation of ike_sa_t.set_name.
284 */
285 static void set_name(private_ike_sa_t *this, char* name)
286 {
287 free(this->name);
288 this->name = strdup(name);
289 }
290
291 /**
292 * Implementation of ike_sa_t.get_my_host.
293 */
294 static host_t *get_my_host(private_ike_sa_t *this)
295 {
296 return this->my_host;
297 }
298
299 /**
300 * Implementation of ike_sa_t.set_my_host.
301 */
302 static void set_my_host(private_ike_sa_t *this, host_t *me)
303 {
304 DESTROY_IF(this->my_host);
305 this->my_host = me;
306 }
307
308 /**
309 * Implementation of ike_sa_t.get_other_host.
310 */
311 static host_t *get_other_host(private_ike_sa_t *this)
312 {
313 return this->other_host;
314 }
315
316 /**
317 * Implementation of ike_sa_t.set_other_host.
318 */
319 static void set_other_host(private_ike_sa_t *this, host_t *other)
320 {
321 DESTROY_IF(this->other_host);
322 this->other_host = other;
323 }
324
325 /**
326 * Update connection host, as addresses may change (NAT)
327 */
328 static void update_hosts(private_ike_sa_t *this, host_t *me, host_t *other)
329 {
330 /*
331 * Quoting RFC 4306:
332 *
333 * 2.11. Address and Port Agility
334 *
335 * IKE runs over UDP ports 500 and 4500, and implicitly sets up ESP and
336 * AH associations for the same IP addresses it runs over. The IP
337 * addresses and ports in the outer header are, however, not themselves
338 * cryptographically protected, and IKE is designed to work even through
339 * Network Address Translation (NAT) boxes. An implementation MUST
340 * accept incoming requests even if the source port is not 500 or 4500,
341 * and MUST respond to the address and port from which the request was
342 * received. It MUST specify the address and port at which the request
343 * was received as the source address and port in the response. IKE
344 * functions identically over IPv4 or IPv6.
345 *
346 * [...]
347 *
348 * There are cases where a NAT box decides to remove mappings that
349 * are still alive (for example, the keepalive interval is too long,
350 * or the NAT box is rebooted). To recover in these cases, hosts
351 * that are not behind a NAT SHOULD send all packets (including
352 * retransmission packets) to the IP address and port from the last
353 * valid authenticated packet from the other end (i.e., dynamically
354 * update the address). A host behind a NAT SHOULD NOT do this
355 * because it opens a DoS attack possibility. Any authenticated IKE
356 * packet or any authenticated UDP-encapsulated ESP packet can be
357 * used to detect that the IP address or the port has changed.
358 */
359 iterator_t *iterator = NULL;
360 child_sa_t *child_sa = NULL;
361 host_diff_t my_diff, other_diff;
362
363 if (this->my_host->is_anyaddr(this->my_host) ||
364 this->other_host->is_anyaddr(this->other_host))
365 {
366 /* on first received message */
367 this->my_host->destroy(this->my_host);
368 this->my_host = me->clone(me);
369 this->other_host->destroy(this->other_host);
370 this->other_host = other->clone(other);
371 return;
372 }
373
374 my_diff = me->get_differences(me, this->my_host);
375 other_diff = other->get_differences(other, this->other_host);
376
377 if (!my_diff && !other_diff)
378 {
379 return;
380 }
381
382 if (my_diff)
383 {
384 this->my_host->destroy(this->my_host);
385 this->my_host = me->clone(me);
386 }
387
388 if (!this->nat_here)
389 {
390 /* update without restrictions if we are not NATted */
391 if (other_diff)
392 {
393 this->other_host->destroy(this->other_host);
394 this->other_host = other->clone(other);
395 }
396 }
397 else
398 {
399 /* if we are natted, only port may change */
400 if (other_diff & HOST_DIFF_ADDR)
401 {
402 return;
403 }
404 else if (other_diff & HOST_DIFF_PORT)
405 {
406 this->other_host->set_port(this->other_host, other->get_port(other));
407 }
408 }
409 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
410 while (iterator->iterate(iterator, (void**)&child_sa))
411 {
412 child_sa->update_hosts(child_sa, this->my_host, this->other_host,
413 my_diff, other_diff);
414 /* TODO: what to do if update fails? Delete CHILD_SA? */
415 }
416 iterator->destroy(iterator);
417 }
418
419 /**
420 * send a request and schedule retransmission
421 */
422 static status_t transmit_request(private_ike_sa_t *this)
423 {
424 message_t *request;
425 packet_t *packet;
426 status_t status;
427 retransmit_request_job_t *job;
428 u_int32_t transmitted;
429 u_int32_t timeout;
430 transaction_t *transaction = this->transaction_out;
431 u_int32_t message_id = transaction->get_message_id(transaction);
432
433 transmitted = transaction->requested(transaction);
434 timeout = charon->configuration->get_retransmit_timeout(charon->configuration,
435 transmitted);
436 if (timeout == 0)
437 {
438 this->logger->log(this->logger, ERROR,
439 "giving up after %d retransmits, deleting IKE_SA",
440 transmitted - 1);
441 return DESTROY_ME;
442 }
443
444 status = transaction->get_request(transaction, &request);
445 if (status != SUCCESS)
446 {
447 return status;
448 }
449 /* if we retransmit, the request is already generated */
450 if (transmitted == 0)
451 {
452 status = request->generate(request, this->crypter_out, this->signer_out, &packet);
453 if (status != SUCCESS)
454 {
455 this->logger->log(this->logger, ERROR,
456 "request generation failed. transaction discarded");
457 return FAILED;
458 }
459 }
460 else
461 {
462 this->logger->log(this->logger, CONTROL,
463 "sending retransmit %d for %s request with message ID %d",
464 transmitted,
465 mapping_find(exchange_type_m, request->get_exchange_type(request)),
466 message_id);
467 packet = request->get_packet(request);
468 }
469 /* finally send */
470 charon->send_queue->add(charon->send_queue, packet);
471 this->time.outbound = time(NULL);
472
473 /* schedule retransmission job */
474 job = retransmit_request_job_create(message_id, this->ike_sa_id);
475 charon->event_queue->add_relative(charon->event_queue, (job_t*)job, timeout);
476 return SUCCESS;
477 }
478
479 /**
480 * Implementation of ike_sa.retransmit_request.
481 */
482 static status_t retransmit_request(private_ike_sa_t *this, u_int32_t message_id)
483 {
484 if (this->transaction_out == NULL ||
485 this->transaction_out->get_message_id(this->transaction_out) != message_id)
486 {
487 /* no retransmit necessary, transaction did already complete */
488 return SUCCESS;
489 }
490 return transmit_request(this);
491 }
492
493 /**
494 * Check for transactions in the queue and initiate the first transaction found.
495 */
496 static status_t process_transaction_queue(private_ike_sa_t *this)
497 {
498 if (this->transaction_out)
499 {
500 /* already a transaction in progress */
501 return SUCCESS;
502 }
503
504 while (TRUE)
505 {
506 if (this->transaction_queue->remove_first(this->transaction_queue,
507 (void**)&this->transaction_out) != SUCCESS)
508 {
509 /* transaction queue empty */
510 return SUCCESS;
511 }
512 switch (transmit_request(this))
513 {
514 case SUCCESS:
515 return SUCCESS;
516 case DESTROY_ME:
517 /* critical, IKE_SA unusable, destroy immediately */
518 this->logger->log(this->logger, ERROR,
519 "transaction initiaton failed, deleting IKE_SA");
520 return DESTROY_ME;
521 default:
522 /* discard transaction, process next one */
523 this->logger->log(this->logger, ERROR,
524 "transaction initiation failed, discarded");
525 this->transaction_out->destroy(this->transaction_out);
526 this->transaction_out = NULL;
527 /* handle next transaction */
528 continue;
529 }
530 }
531 }
532
533 /**
534 * Queue a new transaction and execute the next outstanding transaction
535 */
536 static status_t queue_transaction(private_ike_sa_t *this, transaction_t *transaction, bool prefer)
537 {
538 /* inject next transaction */
539 if (transaction)
540 {
541 if (prefer)
542 {
543 this->transaction_queue->insert_first(this->transaction_queue, transaction);
544 }
545 else
546 {
547 this->transaction_queue->insert_last(this->transaction_queue, transaction);
548 }
549 }
550 /* process a transaction */
551 return process_transaction_queue(this);
552 }
553
554 /**
555 * process an incoming request.
556 */
557 static status_t process_request(private_ike_sa_t *this, message_t *request)
558 {
559 transaction_t *last, *current = NULL;
560 message_t *response;
561 packet_t *packet;
562 u_int32_t request_mid;
563 status_t status;
564
565 request_mid = request->get_message_id(request);
566 last = this->transaction_in;
567
568 /* check if message ID is correct */
569 if (last)
570 {
571 u_int32_t last_mid = last->get_message_id(last);
572
573 if (last_mid == request_mid)
574 {
575 /* retransmit detected */
576 this->logger->log(this->logger, ERROR,
577 "received retransmitted request for message ID %d, retransmitting response",
578 request_mid);
579 last->get_response(last, request, &response, &this->transaction_in_next);
580 packet = response->get_packet(response);
581 charon->send_queue->add(charon->send_queue, packet);
582 this->time.outbound = time(NULL);
583 return SUCCESS;
584 }
585
586 if (last_mid > request_mid)
587 {
588 /* something seriously wrong here, message id may not decrease */
589 this->logger->log(this->logger, ERROR,
590 "received request with message ID %d, excepted %d, ingored",
591 request_mid, last_mid + 1);
592 return FAILED;
593 }
594 /* we allow jumps in message IDs, as long as they are incremental */
595 if (last_mid + 1 < request_mid)
596 {
597 this->logger->log(this->logger, ERROR,
598 "received request with message ID %d, excepted %d",
599 request_mid, last_mid + 1);
600 }
601 }
602 else
603 {
604 if (request_mid != 0)
605 {
606 /* warn, but allow it */
607 this->logger->log(this->logger, CONTROL,
608 "first received request has message ID %d, excepted 0",
609 request_mid);
610 }
611 }
612
613 /* check if we already have a pre-created transaction for this request */
614 if (this->transaction_in_next)
615 {
616 current = this->transaction_in_next;
617 this->transaction_in_next = NULL;
618 }
619 else
620 {
621 current = transaction_create(&this->public, request);
622 if (current == NULL)
623 {
624 this->logger->log(this->logger, ERROR,
625 "no idea how to handle received message (%d), ignored",
626 request->get_exchange_type(request));
627 return FAILED;
628 }
629 }
630
631 /* send message. get_request() always gives a valid response */
632 status = current->get_response(current, request, &response, &this->transaction_in_next);
633 if (response->generate(response, this->crypter_out, this->signer_out, &packet) != SUCCESS)
634 {
635 this->logger->log(this->logger, ERROR,
636 "response generation failed, discarding transaction");
637 current->destroy(current);
638 return FAILED;
639 }
640
641 charon->send_queue->add(charon->send_queue, packet);
642 this->time.outbound = time(NULL);
643 /* act depending on transaction result */
644 switch (status)
645 {
646 case DESTROY_ME:
647 /* transactions says we should destroy the IKE_SA, so do it */
648 current->destroy(current);
649 return DESTROY_ME;
650 default:
651 /* store for retransmission, destroy old transaction */
652 this->transaction_in = current;
653 if (last)
654 {
655 last->destroy(last);
656 }
657 return SUCCESS;
658 }
659 }
660
661 /**
662 * process an incoming response
663 */
664 static status_t process_response(private_ike_sa_t *this, message_t *response)
665 {
666 transaction_t *current, *new = NULL;
667
668 current = this->transaction_out;
669 /* check if message ID is that of our currently active transaction */
670 if (current == NULL ||
671 current->get_message_id(current) !=
672 response->get_message_id(response))
673 {
674 this->logger->log(this->logger, ERROR,
675 "received response with message ID %d not requested, ignored");
676 return FAILED;
677 }
678
679 switch (current->conclude(current, response, &new))
680 {
681 case DESTROY_ME:
682 /* state requested to destroy IKE_SA */
683 return DESTROY_ME;
684 default:
685 /* discard transaction, process next one */
686 break;
687 }
688 /* transaction comleted, remove */
689 current->destroy(current);
690 this->transaction_out = NULL;
691
692 /* queue new transaction */
693 return queue_transaction(this, new, TRUE);
694 }
695
696 /**
697 * send a notify back to the sender
698 */
699 static void send_notify_response(private_ike_sa_t *this,
700 message_t *request,
701 notify_type_t type)
702 {
703 notify_payload_t *notify;
704 message_t *response;
705 host_t *src, *dst;
706 packet_t *packet;
707
708 response = message_create();
709 dst = request->get_source(request);
710 src = request->get_destination(request);
711 response->set_source(response, src->clone(src));
712 response->set_destination(response, dst->clone(dst));
713 response->set_exchange_type(response, request->get_exchange_type(request));
714 response->set_request(response, FALSE);
715 response->set_message_id(response, request->get_message_id(request));
716 response->set_ike_sa_id(response, this->ike_sa_id);
717 notify = notify_payload_create_from_protocol_and_type(PROTO_NONE, type);
718 response->add_payload(response, (payload_t *)notify);
719 if (response->generate(response, this->crypter_out, this->signer_out, &packet) != SUCCESS)
720 {
721 response->destroy(response);
722 return;
723 }
724 charon->send_queue->add(charon->send_queue, packet);
725 this->time.outbound = time(NULL);
726 response->destroy(response);
727 return;
728 }
729
730
731 /**
732 * Implementation of ike_sa_t.process_message.
733 */
734 static status_t process_message(private_ike_sa_t *this, message_t *message)
735 {
736 status_t status;
737 bool is_request;
738
739 is_request = message->get_request(message);
740
741 status = message->parse_body(message, this->crypter_in, this->signer_in);
742 if (status != SUCCESS)
743 {
744 if (is_request)
745 {
746 switch (status)
747 {
748 case NOT_SUPPORTED:
749 this->logger->log(this->logger, ERROR,
750 "ciritcal unknown payloads found");
751 if (is_request)
752 {
753 send_notify_response(this, message, UNSUPPORTED_CRITICAL_PAYLOAD);
754 }
755 break;
756 case PARSE_ERROR:
757 this->logger->log(this->logger, ERROR,
758 "message parsing failed");
759 if (is_request)
760 {
761 send_notify_response(this, message, INVALID_SYNTAX);
762 }
763 break;
764 case VERIFY_ERROR:
765 this->logger->log(this->logger, ERROR,
766 "message verification failed");
767 if (is_request)
768 {
769 send_notify_response(this, message, INVALID_SYNTAX);
770 }
771 break;
772 case FAILED:
773 this->logger->log(this->logger, ERROR,
774 "integrity check failed");
775 /* ignored */
776 break;
777 case INVALID_STATE:
778 this->logger->log(this->logger, ERROR,
779 "found encrypted message, but no keys available");
780 if (is_request)
781 {
782 send_notify_response(this, message, INVALID_SYNTAX);
783 }
784 default:
785 break;
786 }
787 }
788 this->logger->log(this->logger, ERROR,
789 "%s %s with message ID %d processing failed",
790 mapping_find(exchange_type_m, message->get_exchange_type(message)),
791 message->get_request(message) ? "request" : "response",
792 message->get_message_id(message));
793 }
794 else
795 {
796 /* check if message is trustworthy, and update connection information */
797 if (this->state == IKE_CREATED ||
798 message->get_exchange_type(message) != IKE_SA_INIT)
799 {
800 update_hosts(this, message->get_destination(message),
801 message->get_source(message));
802 this->time.inbound = time(NULL);
803 }
804 if (is_request)
805 {
806 status = process_request(this, message);
807 }
808 else
809 {
810 status = process_response(this, message);
811 }
812 }
813 return status;
814 }
815
816 /**
817 * Implementation of ike_sa_t.initiate.
818 */
819 static status_t initiate(private_ike_sa_t *this,
820 connection_t *connection, policy_t *policy)
821 {
822 switch (this->state)
823 {
824 case IKE_CREATED:
825 {
826 /* in state CREATED, we must do the ike_sa_init
827 * and ike_auth transactions. Along with these,
828 * a CHILD_SA with the supplied policy is set up.
829 */
830 ike_sa_init_t *ike_sa_init;
831
832 this->logger->log(this->logger, CONTROL,
833 "initiating IKE_SA");
834
835 set_name(this, connection->get_name(connection));
836 DESTROY_IF(this->my_host);
837 this->my_host = connection->get_my_host(connection);
838 this->my_host = this->my_host->clone(this->my_host);
839 DESTROY_IF(this->other_host);
840 this->other_host = connection->get_other_host(connection);
841 this->other_host = this->other_host->clone(this->other_host);
842
843 this->message_id_out = 1;
844 ike_sa_init = ike_sa_init_create(&this->public);
845 ike_sa_init->set_config(ike_sa_init, connection, policy);
846 return queue_transaction(this, (transaction_t*)ike_sa_init, TRUE);
847 }
848 case IKE_DELETING:
849 case IKE_REKEYING:
850 {
851 /* if we are in DELETING/REKEYING, we deny set up of a policy. */
852 this->logger->log(this->logger, CONTROL,
853 "creating CHILD_SA discarded, as IKE_SA is in state %s",
854 mapping_find(ike_sa_state_m, this->state));
855 policy->destroy(policy);
856 connection->destroy(connection);
857 return FAILED;
858 }
859 case IKE_CONNECTING:
860 case IKE_ESTABLISHED:
861 {
862 /* if we are ESTABLISHED or CONNECTING,we queue the
863 * transaction to create the CHILD_SA. It gets processed
864 * when the IKE_SA is ready to do so. We don't need the
865 * connection, as the IKE_SA is already established/establishing.
866 */
867 create_child_sa_t *create_child;
868
869 this->logger->log(this->logger, CONTROL,
870 "initiating CHILD_SA");
871
872 connection->destroy(connection);
873 create_child = create_child_sa_create(&this->public);
874 create_child->set_policy(create_child, policy);
875 return queue_transaction(this, (transaction_t*)create_child, FALSE);
876 }
877 }
878 return FAILED;
879 }
880
881 /**
882 * Implementation of ike_sa_t.acquire.
883 */
884 static status_t acquire(private_ike_sa_t *this, u_int32_t reqid)
885 {
886 connection_t *connection;
887 policy_t *policy;
888 iterator_t *iterator;
889 child_sa_t *current, *child_sa = NULL;
890 linked_list_t *my_ts, *other_ts;
891
892 if (this->state == IKE_DELETING)
893 {
894 this->logger->log(this->logger, CONTROL,
895 "acquiring CHILD_SA with reqid %d discarded, as IKE_SA is deleting",
896 reqid);
897 return FAILED;
898 }
899
900
901 /* find CHILD_SA */
902 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
903 while (iterator->iterate(iterator, (void**)&current))
904 {
905 if (current->get_reqid(current) == reqid)
906 {
907 iterator->remove(iterator);
908 child_sa = current;
909 break;
910 }
911 }
912 iterator->destroy(iterator);
913 if (!child_sa)
914 {
915 this->logger->log(this->logger, ERROR,
916 "CHILD_SA with reqid %d not found, unable to acquire",
917 reqid);
918 return FAILED;
919 }
920 my_ts = child_sa->get_my_traffic_selectors(child_sa);
921 other_ts = child_sa->get_other_traffic_selectors(child_sa);
922
923 policy = charon->policies->get_policy(charon->policies,
924 this->my_id, this->other_id,
925 my_ts, other_ts,
926 this->my_host, this->other_host);
927 child_sa->destroy(child_sa);
928 if (policy == NULL)
929 {
930 this->logger->log(this->logger, ERROR,
931 "no policy found to acquire CHILD_SA with reqid %d",
932 reqid);
933 return FAILED;
934 }
935
936 switch (this->state)
937 {
938 case IKE_CREATED:
939 {
940 ike_sa_init_t *ike_sa_init;
941
942 this->logger->log(this->logger, CONTROL,
943 "acquiring CHILD_SA with reqid %d, IKE_SA setup needed",
944 reqid);
945
946 connection = charon->connections->get_connection_by_hosts(
947 charon->connections, this->my_host, this->other_host);
948
949 if (connection == NULL)
950 {
951 this->logger->log(this->logger, ERROR,
952 "no connection found to acquire IKE_SA for CHILD_SA with reqid %d",
953 reqid);
954 policy->destroy(policy);
955 return FAILED;
956 }
957
958 this->message_id_out = 1;
959 ike_sa_init = ike_sa_init_create(&this->public);
960 ike_sa_init->set_config(ike_sa_init, connection, policy);
961 return queue_transaction(this, (transaction_t*)ike_sa_init, TRUE);
962 }
963 case IKE_CONNECTING:
964 case IKE_ESTABLISHED:
965 {
966 create_child_sa_t *create_child;
967
968 this->logger->log(this->logger, CONTROL,
969 "acquiring CHILD_SA with reqid %d",
970 reqid);
971
972 create_child = create_child_sa_create(&this->public);
973 create_child->set_policy(create_child, policy);
974 return queue_transaction(this, (transaction_t*)create_child, FALSE);
975 }
976 default:
977 break;
978 }
979 return FAILED;
980 }
981
982 /**
983 * destroy a list of traffic selectors
984 */
985 static void ts_list_destroy(linked_list_t *list)
986 {
987 traffic_selector_t *ts;
988 while (list->remove_last(list, (void**)&ts) == SUCCESS)
989 {
990 ts->destroy(ts);
991 }
992 list->destroy(list);
993 }
994
995 /**
996 * compare two lists of traffic selectors for equality
997 */
998 static bool ts_list_equals(linked_list_t *l1, linked_list_t *l2)
999 {
1000 bool equals = TRUE;
1001 iterator_t *i1, *i2;
1002 traffic_selector_t *t1, *t2;
1003
1004 i1 = l1->create_iterator(l1, TRUE);
1005 i2 = l2->create_iterator(l2, TRUE);
1006 while (i1->iterate(i1, (void**)&t1) && i2->iterate(i2, (void**)&t2))
1007 {
1008 if (!t1->equals(t1, t2))
1009 {
1010 equals = FALSE;
1011 break;
1012 }
1013 }
1014 /* check if one iterator is not at the end */
1015 if (i1->has_next(i1) || i2->has_next(i2))
1016 {
1017 equals = FALSE;
1018 }
1019 i1->destroy(i1);
1020 i2->destroy(i2);
1021 return equals;
1022 }
1023
1024 /**
1025 * Implementation of ike_sa_t.route.
1026 */
1027 static status_t route(private_ike_sa_t *this, connection_t *connection, policy_t *policy)
1028 {
1029 child_sa_t *child_sa = NULL;
1030 iterator_t *iterator;
1031 linked_list_t *my_ts, *other_ts;
1032 status_t status;
1033
1034 /* check if not already routed*/
1035 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1036 while (iterator->iterate(iterator, (void**)&child_sa))
1037 {
1038 linked_list_t *my_ts_conf, *other_ts_conf;
1039
1040 my_ts = child_sa->get_my_traffic_selectors(child_sa);
1041 other_ts = child_sa->get_other_traffic_selectors(child_sa);
1042
1043 my_ts_conf = policy->get_my_traffic_selectors(policy, this->my_host);
1044 other_ts_conf = policy->get_other_traffic_selectors(policy, this->other_host);
1045
1046 if (ts_list_equals(my_ts, my_ts_conf) &&
1047 ts_list_equals(other_ts, other_ts_conf))
1048 {
1049 ts_list_destroy(my_ts_conf);
1050 ts_list_destroy(other_ts_conf);
1051 iterator->destroy(iterator);
1052 this->logger->log(this->logger, CONTROL,
1053 "a CHILD_SA with such a policy already routed");
1054
1055 return FAILED;
1056 }
1057 ts_list_destroy(my_ts_conf);
1058 ts_list_destroy(other_ts_conf);
1059 }
1060 iterator->destroy(iterator);
1061
1062 switch (this->state)
1063 {
1064 case IKE_CREATED:
1065 case IKE_CONNECTING:
1066 /* we update IKE_SA information as good as possible,
1067 * this allows us to set up the SA later when an acquire comes in. */
1068 if (this->my_id->get_type(this->my_id) == ID_ANY)
1069 {
1070 this->my_id->destroy(this->my_id);
1071 this->my_id = policy->get_my_id(policy);
1072 this->my_id = this->my_id->clone(this->my_id);
1073 }
1074 if (this->other_id->get_type(this->other_id) == ID_ANY)
1075 {
1076 this->other_id->destroy(this->other_id);
1077 this->other_id = policy->get_other_id(policy);
1078 this->other_id = this->other_id->clone(this->other_id);
1079 }
1080 if (this->my_host->is_anyaddr(this->my_host))
1081 {
1082 this->my_host->destroy(this->my_host);
1083 this->my_host = connection->get_my_host(connection);
1084 this->my_host = this->my_host->clone(this->my_host);
1085 }
1086 if (this->other_host->is_anyaddr(this->other_host))
1087 {
1088 this->other_host->destroy(this->other_host);
1089 this->other_host = connection->get_other_host(connection);
1090 this->other_host = this->other_host->clone(this->other_host);
1091 }
1092 set_name(this, connection->get_name(connection));
1093 break;
1094 case IKE_ESTABLISHED:
1095 case IKE_REKEYING:
1096 /* nothing to do. We allow it for rekeying, as it will be
1097 * adopted by the new IKE_SA */
1098 break;
1099 case IKE_DELETING:
1100 /* deny */
1101 return FAILED;
1102 }
1103
1104 child_sa = child_sa_create(0, this->my_host, this->other_host, 0, 0, FALSE);
1105 my_ts = policy->get_my_traffic_selectors(policy, this->my_host);
1106 other_ts = policy->get_other_traffic_selectors(policy, this->other_host);
1107 status = child_sa->add_policies(child_sa, my_ts, other_ts);
1108 ts_list_destroy(my_ts);
1109 ts_list_destroy(other_ts);
1110 this->child_sas->insert_last(this->child_sas, child_sa);
1111
1112 return status;
1113 }
1114
1115 /**
1116 * Implementation of ike_sa_t.unroute.
1117 */
1118 static status_t unroute(private_ike_sa_t *this, policy_t *policy)
1119 {
1120 iterator_t *iterator;
1121 child_sa_t *child_sa = NULL;
1122 linked_list_t *my_ts, *other_ts, *my_ts_conf, *other_ts_conf;
1123
1124 /* find CHILD_SA in ROUTED state */
1125 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1126 while (iterator->iterate(iterator, (void**)&child_sa))
1127 {
1128 if (child_sa->get_state(child_sa) == CHILD_ROUTED)
1129 {
1130 my_ts = child_sa->get_my_traffic_selectors(child_sa);
1131 other_ts = child_sa->get_other_traffic_selectors(child_sa);
1132
1133 my_ts_conf = policy->get_my_traffic_selectors(policy, this->my_host);
1134 other_ts_conf = policy->get_other_traffic_selectors(policy, this->other_host);
1135
1136 if (ts_list_equals(my_ts, my_ts_conf) &&
1137 ts_list_equals(other_ts, other_ts_conf))
1138 {
1139 iterator->remove(iterator);
1140 child_sa->destroy(child_sa);
1141 ts_list_destroy(my_ts_conf);
1142 ts_list_destroy(other_ts_conf);
1143 break;
1144 }
1145 ts_list_destroy(my_ts_conf);
1146 ts_list_destroy(other_ts_conf);
1147 }
1148 }
1149 iterator->destroy(iterator);
1150 /* if we are not established, and we have no more routed childs, remove whole SA */
1151 if (this->state == IKE_CREATED &&
1152 this->child_sas->get_count(this->child_sas) == 0)
1153 {
1154 return DESTROY_ME;
1155 }
1156 return SUCCESS;
1157 }
1158
1159 /**
1160 * Implementation of ike_sa_t.send_dpd
1161 */
1162 static status_t send_dpd(private_ike_sa_t *this)
1163 {
1164 send_dpd_job_t *job;
1165 time_t diff, interval;
1166 status_t status = SUCCESS;
1167
1168 interval = charon->configuration->get_dpd_interval(charon->configuration);
1169
1170 if (this->transaction_out)
1171 {
1172 /* there is a transaction in progress. Come back later */
1173 diff = 0;
1174 }
1175 else
1176 {
1177 /* check if there was any inbound traffic */
1178 time_t last_in, now;
1179 last_in = get_time_inbound(this);
1180 now = time(NULL);
1181 diff = now - last_in;
1182 if (diff >= interval)
1183 {
1184 /* to long ago, initiate dead peer detection */
1185 dead_peer_detection_t *dpd;
1186 this->logger->log(this->logger, CONTROL, "sending DPD request");
1187 dpd = dead_peer_detection_create(&this->public);
1188 status = queue_transaction(this, (transaction_t*)dpd, FALSE);
1189 diff = 0;
1190 }
1191 }
1192 /* recheck in "interval" seconds */
1193 job = send_dpd_job_create(this->ike_sa_id);
1194 charon->event_queue->add_relative(charon->event_queue, (job_t*)job,
1195 (interval - diff) * 1000);
1196 return SUCCESS;
1197 }
1198
1199 /**
1200 * Implementation of ike_sa_t.send_keepalive
1201 */
1202 static void send_keepalive(private_ike_sa_t *this)
1203 {
1204 send_keepalive_job_t *job;
1205 time_t last_out, now, diff, interval;
1206
1207 last_out = get_time_outbound(this);
1208 now = time(NULL);
1209
1210 diff = now - last_out;
1211 interval = charon->configuration->get_keepalive_interval(charon->configuration);
1212
1213 if (diff >= interval)
1214 {
1215 packet_t *packet;
1216 chunk_t data;
1217
1218 packet = packet_create();
1219 packet->set_source(packet, this->my_host->clone(this->my_host));
1220 packet->set_destination(packet, this->other_host->clone(this->other_host));
1221 data.ptr = malloc(1);
1222 data.ptr[0] = 0xFF;
1223 data.len = 1;
1224 packet->set_data(packet, data);
1225 charon->send_queue->add(charon->send_queue, packet);
1226 this->logger->log(this->logger, CONTROL, "sending keep alive");
1227 diff = 0;
1228 }
1229 job = send_keepalive_job_create(this->ike_sa_id);
1230 charon->event_queue->add_relative(charon->event_queue, (job_t*)job,
1231 (interval - diff) * 1000);
1232 }
1233
1234 /**
1235 * Implementation of ike_sa_t.get_state.
1236 */
1237 static ike_sa_state_t get_state(private_ike_sa_t *this)
1238 {
1239 return this->state;
1240 }
1241
1242 /**
1243 * Implementation of ike_sa_t.set_state.
1244 */
1245 static void set_state(private_ike_sa_t *this, ike_sa_state_t state)
1246 {
1247 this->logger->log(this->logger, CONTROL, "state change: %s => %s",
1248 mapping_find(ike_sa_state_m, this->state),
1249 mapping_find(ike_sa_state_m, state));
1250 if (state == IKE_ESTABLISHED)
1251 {
1252 this->time.established = time(NULL);
1253 this->logger->log(this->logger, AUDIT, "IKE_SA established: %s[%s]...%s[%s]",
1254 this->my_host->get_string(this->my_host),
1255 this->my_id->get_string(this->my_id),
1256 this->other_host->get_string(this->other_host),
1257 this->other_id->get_string(this->other_id));
1258 /* start DPD checks */
1259 send_dpd(this);
1260 }
1261 this->state = state;
1262 }
1263
1264 /**
1265 * Implementation of ike_sa_t.get_prf.
1266 */
1267 static prf_t *get_prf(private_ike_sa_t *this)
1268 {
1269 return this->prf;
1270 }
1271
1272 /**
1273 * Implementation of ike_sa_t.get_prf.
1274 */
1275 static prf_t *get_child_prf(private_ike_sa_t *this)
1276 {
1277 return this->child_prf;
1278 }
1279
1280 /**
1281 * Implementation of ike_sa_t.get_prf_auth_i.
1282 */
1283 static prf_t *get_prf_auth_i(private_ike_sa_t *this)
1284 {
1285 return this->prf_auth_i;
1286 }
1287
1288 /**
1289 * Implementation of ike_sa_t.get_prf_auth_r.
1290 */
1291 static prf_t *get_prf_auth_r(private_ike_sa_t *this)
1292 {
1293 return this->prf_auth_r;
1294 }
1295
1296 /**
1297 * Implementation of ike_sa_t.get_id.
1298 */
1299 static ike_sa_id_t* get_id(private_ike_sa_t *this)
1300 {
1301 return this->ike_sa_id;
1302 }
1303
1304 /**
1305 * Implementation of ike_sa_t.get_my_id.
1306 */
1307 static identification_t* get_my_id(private_ike_sa_t *this)
1308 {
1309 return this->my_id;
1310 }
1311
1312 /**
1313 * Implementation of ike_sa_t.set_my_id.
1314 */
1315 static void set_my_id(private_ike_sa_t *this, identification_t *me)
1316 {
1317 DESTROY_IF(this->my_id);
1318 this->my_id = me;
1319 }
1320
1321 /**
1322 * Implementation of ike_sa_t.get_other_id.
1323 */
1324 static identification_t* get_other_id(private_ike_sa_t *this)
1325 {
1326 return this->other_id;
1327 }
1328
1329 /**
1330 * Implementation of ike_sa_t.set_other_id.
1331 */
1332 static void set_other_id(private_ike_sa_t *this, identification_t *other)
1333 {
1334 DESTROY_IF(this->other_id);
1335 this->other_id = other;
1336 }
1337
1338 /**
1339 * Implementation of ike_sa_t.derive_keys.
1340 */
1341 static status_t derive_keys(private_ike_sa_t *this,
1342 proposal_t *proposal, diffie_hellman_t *dh,
1343 chunk_t nonce_i, chunk_t nonce_r,
1344 bool initiator, prf_t *child_prf, prf_t *old_prf)
1345 {
1346 prf_plus_t *prf_plus;
1347 chunk_t skeyseed, secret, key, nonces, prf_plus_seed;
1348 algorithm_t *algo;
1349 size_t key_size;
1350 crypter_t *crypter_i, *crypter_r;
1351 signer_t *signer_i, *signer_r;
1352 u_int8_t spi_i_buf[sizeof(u_int64_t)], spi_r_buf[sizeof(u_int64_t)];
1353 chunk_t spi_i = chunk_from_buf(spi_i_buf);
1354 chunk_t spi_r = chunk_from_buf(spi_r_buf);
1355
1356 /* Create SAs general purpose PRF first, we may use it here */
1357 if (!proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo))
1358 {
1359 this->logger->log(this->logger, ERROR, "no PSEUDO_RANDOM_FUNCTION selected!");
1360 return FAILED;
1361 }
1362 this->prf = prf_create(algo->algorithm);
1363 if (this->prf == NULL)
1364 {
1365 this->logger->log(this->logger, ERROR, "PSEUDO_RANDOM_FUNCTION %s not supported!",
1366 mapping_find(pseudo_random_function_m, algo->algorithm));
1367 return FAILED;
1368 }
1369
1370 dh->get_shared_secret(dh, &secret);
1371 this->logger->log_chunk(this->logger, PRIVATE, "shared Diffie Hellman secret", secret);
1372 nonces = chunk_cat("cc", nonce_i, nonce_r);
1373 *((u_int64_t*)spi_i.ptr) = this->ike_sa_id->get_initiator_spi(this->ike_sa_id);
1374 *((u_int64_t*)spi_r.ptr) = this->ike_sa_id->get_responder_spi(this->ike_sa_id);
1375 prf_plus_seed = chunk_cat("ccc", nonces, spi_i, spi_r);
1376
1377 /* KEYMAT = prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr)
1378 *
1379 * if we are rekeying, SKEYSEED built on another way
1380 */
1381 if (child_prf == NULL) /* not rekeying */
1382 {
1383 /* SKEYSEED = prf(Ni | Nr, g^ir) */
1384 this->prf->set_key(this->prf, nonces);
1385 this->prf->allocate_bytes(this->prf, secret, &skeyseed);
1386 this->logger->log_chunk(this->logger, PRIVATE|LEVEL1, "SKEYSEED", skeyseed);
1387 this->prf->set_key(this->prf, skeyseed);
1388 chunk_free(&skeyseed);
1389 chunk_free(&secret);
1390 prf_plus = prf_plus_create(this->prf, prf_plus_seed);
1391 }
1392 else
1393 {
1394 /* SKEYSEED = prf(SK_d (old), [g^ir (new)] | Ni | Nr)
1395 * use OLD SAs PRF functions for both prf_plus and prf */
1396 secret = chunk_cat("mc", secret, nonces);
1397 child_prf->allocate_bytes(child_prf, secret, &skeyseed);
1398 this->logger->log_chunk(this->logger, PRIVATE|LEVEL1, "SKEYSEED", skeyseed);
1399 old_prf->set_key(old_prf, skeyseed);
1400 chunk_free(&skeyseed);
1401 chunk_free(&secret);
1402 prf_plus = prf_plus_create(old_prf, prf_plus_seed);
1403 }
1404 chunk_free(&nonces);
1405 chunk_free(&prf_plus_seed);
1406
1407 /* KEYMAT = SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr */
1408
1409 /* SK_d is used for generating CHILD_SA key mat => child_prf */
1410 proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo);
1411 this->child_prf = prf_create(algo->algorithm);
1412 key_size = this->child_prf->get_key_size(this->child_prf);
1413 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1414 this->logger->log_chunk(this->logger, PRIVATE, "Sk_d secret", key);
1415 this->child_prf->set_key(this->child_prf, key);
1416 chunk_free(&key);
1417
1418 /* SK_ai/SK_ar used for integrity protection => signer_in/signer_out */
1419 if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &algo))
1420 {
1421 this->logger->log(this->logger, ERROR, "no INTEGRITY_ALGORITHM selected?!");
1422 return FAILED;
1423 }
1424 signer_i = signer_create(algo->algorithm);
1425 signer_r = signer_create(algo->algorithm);
1426 if (signer_i == NULL || signer_r == NULL)
1427 {
1428 this->logger->log(this->logger, ERROR, "INTEGRITY_ALGORITHM %s not supported!",
1429 mapping_find(integrity_algorithm_m,algo->algorithm));
1430 return FAILED;
1431 }
1432 key_size = signer_i->get_key_size(signer_i);
1433
1434 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1435 this->logger->log_chunk(this->logger, PRIVATE, "Sk_ai secret", key);
1436 signer_i->set_key(signer_i, key);
1437 chunk_free(&key);
1438
1439 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1440 this->logger->log_chunk(this->logger, PRIVATE, "Sk_ar secret", key);
1441 signer_r->set_key(signer_r, key);
1442 chunk_free(&key);
1443
1444 if (initiator)
1445 {
1446 this->signer_in = signer_r;
1447 this->signer_out = signer_i;
1448 }
1449 else
1450 {
1451 this->signer_in = signer_i;
1452 this->signer_out = signer_r;
1453 }
1454
1455 /* SK_ei/SK_er used for encryption => crypter_in/crypter_out */
1456 if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &algo))
1457 {
1458 this->logger->log(this->logger, ERROR, "no ENCRYPTION_ALGORITHM selected!");
1459 return FAILED;
1460 }
1461 crypter_i = crypter_create(algo->algorithm, algo->key_size / 8);
1462 crypter_r = crypter_create(algo->algorithm, algo->key_size / 8);
1463 if (crypter_i == NULL || crypter_r == NULL)
1464 {
1465 this->logger->log(this->logger, ERROR,
1466 "ENCRYPTION_ALGORITHM %s (key size %d) not supported!",
1467 mapping_find(encryption_algorithm_m, algo->algorithm),
1468 algo->key_size);
1469 return FAILED;
1470 }
1471 key_size = crypter_i->get_key_size(crypter_i);
1472
1473 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1474 this->logger->log_chunk(this->logger, PRIVATE, "Sk_ei secret", key);
1475 crypter_i->set_key(crypter_i, key);
1476 chunk_free(&key);
1477
1478 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1479 this->logger->log_chunk(this->logger, PRIVATE, "Sk_er secret", key);
1480 crypter_r->set_key(crypter_r, key);
1481 chunk_free(&key);
1482
1483 if (initiator)
1484 {
1485 this->crypter_in = crypter_r;
1486 this->crypter_out = crypter_i;
1487 }
1488 else
1489 {
1490 this->crypter_in = crypter_i;
1491 this->crypter_out = crypter_r;
1492 }
1493
1494 /* SK_pi/SK_pr used for authentication => prf_auth_i, prf_auth_r */
1495 proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo);
1496 this->prf_auth_i = prf_create(algo->algorithm);
1497 this->prf_auth_r = prf_create(algo->algorithm);
1498
1499 key_size = this->prf_auth_i->get_key_size(this->prf_auth_i);
1500 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1501 this->logger->log_chunk(this->logger, PRIVATE, "Sk_pi secret", key);
1502 this->prf_auth_i->set_key(this->prf_auth_i, key);
1503 chunk_free(&key);
1504
1505 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1506 this->logger->log_chunk(this->logger, PRIVATE, "Sk_pr secret", key);
1507 this->prf_auth_r->set_key(this->prf_auth_r, key);
1508 chunk_free(&key);
1509
1510 /* all done, prf_plus not needed anymore */
1511 prf_plus->destroy(prf_plus);
1512
1513 return SUCCESS;
1514
1515 }
1516
1517 /**
1518 * Implementation of ike_sa_t.add_child_sa.
1519 */
1520 static void add_child_sa(private_ike_sa_t *this, child_sa_t *child_sa)
1521 {
1522 this->child_sas->insert_last(this->child_sas, child_sa);
1523 }
1524
1525 /**
1526 * Implementation of ike_sa_t.has_child_sa.
1527 */
1528 static bool has_child_sa(private_ike_sa_t *this, u_int32_t reqid)
1529 {
1530 iterator_t *iterator;
1531 child_sa_t *current;
1532 bool found = FALSE;
1533
1534 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1535 while (iterator->iterate(iterator, (void**)&current))
1536 {
1537 if (current->get_reqid(current) == reqid)
1538 {
1539 found = TRUE;
1540 break;
1541 }
1542 }
1543 iterator->destroy(iterator);
1544 return found;
1545 }
1546
1547 /**
1548 * Implementation of ike_sa_t.get_child_sa.
1549 */
1550 static child_sa_t* get_child_sa(private_ike_sa_t *this, protocol_id_t protocol,
1551 u_int32_t spi, bool inbound)
1552 {
1553 iterator_t *iterator;
1554 child_sa_t *current, *found = NULL;
1555
1556 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1557 while (iterator->has_next(iterator))
1558 {
1559 iterator->current(iterator, (void**)&current);
1560 if (current->get_spi(current, inbound) == spi &&
1561 current->get_protocol(current) == protocol)
1562 {
1563 found = current;
1564 }
1565 }
1566 iterator->destroy(iterator);
1567 return found;
1568 }
1569
1570 /**
1571 * Implementation of ike_sa_t.create_child_sa_iterator.
1572 */
1573 static iterator_t* create_child_sa_iterator(private_ike_sa_t *this)
1574 {
1575 return this->child_sas->create_iterator(this->child_sas, TRUE);
1576 }
1577
1578 /**
1579 * Implementation of ike_sa_t.rekey_child_sa.
1580 */
1581 static status_t rekey_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
1582 {
1583 create_child_sa_t *rekey;
1584 child_sa_t *child_sa;
1585
1586 child_sa = get_child_sa(this, protocol, spi, TRUE);
1587 if (child_sa == NULL)
1588 {
1589 return NOT_FOUND;
1590 }
1591
1592 rekey = create_child_sa_create(&this->public);
1593 rekey->rekeys_child(rekey, child_sa);
1594 return queue_transaction(this, (transaction_t*)rekey, FALSE);
1595 }
1596
1597 /**
1598 * Implementation of ike_sa_t.delete_child_sa.
1599 */
1600 static status_t delete_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
1601 {
1602 delete_child_sa_t *del;
1603 child_sa_t *child_sa;
1604
1605 child_sa = get_child_sa(this, protocol, spi, TRUE);
1606 if (child_sa == NULL)
1607 {
1608 return NOT_FOUND;
1609 }
1610
1611 del = delete_child_sa_create(&this->public);
1612 del->set_child_sa(del, child_sa);
1613 return queue_transaction(this, (transaction_t*)del, FALSE);
1614 }
1615
1616 /**
1617 * Implementation of ike_sa_t.destroy_child_sa.
1618 */
1619 static status_t destroy_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
1620 {
1621 iterator_t *iterator;
1622 child_sa_t *child_sa;
1623 status_t status = NOT_FOUND;
1624
1625 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1626 while (iterator->iterate(iterator, (void**)&child_sa))
1627 {
1628 if (child_sa->get_protocol(child_sa) == protocol &&
1629 child_sa->get_spi(child_sa, TRUE) == spi)
1630 {
1631 child_sa->destroy(child_sa);
1632 iterator->remove(iterator);
1633 status = SUCCESS;
1634 break;
1635 }
1636 }
1637 iterator->destroy(iterator);
1638 return status;
1639 }
1640
1641 /**
1642 * Implementation of ike_sa_t.set_lifetimes.
1643 */
1644 static void set_lifetimes(private_ike_sa_t *this,
1645 u_int32_t soft_lifetime, u_int32_t hard_lifetime)
1646 {
1647 job_t *job;
1648
1649 if (soft_lifetime)
1650 {
1651 this->time.rekey = this->time.established + soft_lifetime;
1652 job = (job_t*)rekey_ike_sa_job_create(this->ike_sa_id);
1653 charon->event_queue->add_relative(charon->event_queue, job,
1654 soft_lifetime * 1000);
1655 }
1656
1657 if (hard_lifetime)
1658 {
1659 this->time.delete = this->time.established + hard_lifetime;
1660 job = (job_t*)delete_established_ike_sa_job_create(this->ike_sa_id);
1661 charon->event_queue->add_relative(charon->event_queue, job,
1662 hard_lifetime * 1000);
1663 }
1664 }
1665
1666 /**
1667 * Implementation of ike_sa_t.rekey.
1668 */
1669 static status_t rekey(private_ike_sa_t *this)
1670 {
1671 rekey_ike_sa_t *rekey_ike_sa;
1672
1673 this->logger->log(this->logger, CONTROL,
1674 "rekeying IKE_SA between %s[%s]..%s[%s]",
1675 this->my_host->get_string(this->my_host),
1676 this->my_id->get_string(this->my_id),
1677 this->other_host->get_string(this->other_host),
1678 this->other_id->get_string(this->other_id));
1679
1680 if (this->state != IKE_ESTABLISHED)
1681 {
1682 this->logger->log(this->logger, ERROR,
1683 "unable to rekey IKE_SA in state %s",
1684 mapping_find(ike_sa_state_m, this->state));
1685 return FAILED;
1686 }
1687
1688 rekey_ike_sa = rekey_ike_sa_create(&this->public);
1689 return queue_transaction(this, (transaction_t*)rekey_ike_sa, FALSE);
1690 }
1691
1692 /**
1693 * Implementation of ike_sa_t.get_rekeying_transaction.
1694 */
1695 static rekey_ike_sa_t* get_rekeying_transaction(private_ike_sa_t *this)
1696 {
1697 return this->rekeying_transaction;
1698 }
1699
1700 /**
1701 * Implementation of ike_sa_t.set_rekeying_transaction.
1702 */
1703 static void set_rekeying_transaction(private_ike_sa_t *this, rekey_ike_sa_t *rekey)
1704 {
1705 this->rekeying_transaction = rekey;
1706 }
1707
1708 /**
1709 * Implementation of ike_sa_t.adopt_children.
1710 */
1711 static void adopt_children(private_ike_sa_t *this, private_ike_sa_t *other)
1712 {
1713 child_sa_t *child_sa;
1714
1715 while (other->child_sas->remove_last(other->child_sas,
1716 (void**)&child_sa) == SUCCESS)
1717 {
1718 this->child_sas->insert_first(this->child_sas, (void*)child_sa);
1719 }
1720 }
1721
1722 /**
1723 * Implementation of ike_sa_t.log_status.
1724 */
1725 static void log_status(private_ike_sa_t *this, logger_t *logger, char *name)
1726 {
1727 iterator_t *iterator;
1728 child_sa_t *child_sa;
1729 bool contains_child = FALSE;
1730
1731 /* check for a CHILD_SA with specified name. We then print the IKE_SA,
1732 * even it has another name */
1733 if (name != NULL)
1734 {
1735 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1736 while (iterator->iterate(iterator, (void**)&child_sa))
1737 {
1738 if (streq(name, child_sa->get_name(child_sa)))
1739 {
1740 contains_child = TRUE;
1741 break;
1742 }
1743 }
1744 iterator->destroy(iterator);
1745 }
1746
1747 if (name == NULL || contains_child || streq(name, this->name))
1748 {
1749 if (logger == NULL)
1750 {
1751 logger = this->logger;
1752 }
1753 logger->log(logger, CONTROL|LEVEL1,
1754 " \"%s\": IKE_SA in state %s, SPIs: 0x%.16llx 0x%.16llx",
1755 this->name,
1756 mapping_find(ike_sa_state_m, this->state),
1757 this->ike_sa_id->get_initiator_spi(this->ike_sa_id),
1758 this->ike_sa_id->get_responder_spi(this->ike_sa_id));
1759 logger->log(logger, CONTROL, " \"%s\": %s[%s]...%s[%s]",
1760 this->name,
1761 this->my_host->get_string(this->my_host),
1762 this->my_id->get_string(this->my_id),
1763 this->other_host->get_string(this->other_host),
1764 this->other_id->get_string(this->other_id));
1765
1766 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1767 while (iterator->has_next(iterator))
1768 {
1769 iterator->current(iterator, (void**)&child_sa);
1770 child_sa->log_status(child_sa, logger);
1771 }
1772 iterator->destroy(iterator);
1773 }
1774 }
1775
1776 /**
1777 * Implementation of public_ike_sa_t.delete.
1778 */
1779 static status_t delete_(private_ike_sa_t *this)
1780 {
1781 switch (this->state)
1782 {
1783 case IKE_CONNECTING:
1784 case IKE_ESTABLISHED:
1785 {
1786 delete_ike_sa_t *delete_ike_sa;
1787 delete_ike_sa = delete_ike_sa_create(&this->public);
1788 if (this->transaction_out)
1789 {
1790 /* already a transaction in progress. As this may hang
1791 * around a while, we don't inform the other peer. */
1792 return DESTROY_ME;
1793 }
1794 return queue_transaction(this, (transaction_t*)delete_ike_sa, FALSE);
1795 }
1796 case IKE_CREATED:
1797 case IKE_DELETING:
1798 default:
1799 {
1800 return DESTROY_ME;
1801 }
1802 }
1803 }
1804
1805 /**
1806 * Implementation of ike_sa_t.get_next_message_id.
1807 */
1808 static u_int32_t get_next_message_id (private_ike_sa_t *this)
1809 {
1810 return this->message_id_out++;
1811 }
1812
1813 /**
1814 * Implementation of ike_sa_t.is_natt_enabled.
1815 */
1816 static bool is_natt_enabled (private_ike_sa_t *this)
1817 {
1818 return this->nat_here || this->nat_there;
1819 }
1820
1821 /**
1822 * Implementation of ike_sa_t.enable_natt.
1823 */
1824 static void enable_natt (private_ike_sa_t *this, bool local)
1825 {
1826 if (local)
1827 {
1828 this->logger->log(this->logger, CONTROL,
1829 "local host is behind NAT, using NAT-T, scheduled keep alives");
1830 this->nat_here = TRUE;
1831 send_keepalive(this);
1832 }
1833 else
1834 {
1835 this->logger->log(this->logger, CONTROL,
1836 "remote host is behind NAT, using NAT-T");
1837 this->nat_there = TRUE;
1838 }
1839 }
1840
1841 /**
1842 * Implementation of ike_sa_t.destroy.
1843 */
1844 static void destroy(private_ike_sa_t *this)
1845 {
1846 child_sa_t *child_sa;
1847 transaction_t *transaction;
1848
1849 this->logger->log(this->logger, CONTROL|LEVEL2, "going to destroy IKE SA %llu:%llu, role %s",
1850 this->ike_sa_id->get_initiator_spi(this->ike_sa_id),
1851 this->ike_sa_id->get_responder_spi(this->ike_sa_id),
1852 this->ike_sa_id->is_initiator(this->ike_sa_id) ? "initiator" : "responder");
1853
1854 if (this->state == IKE_ESTABLISHED)
1855 {
1856 this->logger->log(this->logger, ERROR,
1857 "destroying an established IKE SA without knowledge from remote peer!");
1858 }
1859
1860 while (this->child_sas->remove_last(this->child_sas, (void**)&child_sa) == SUCCESS)
1861 {
1862 child_sa->destroy(child_sa);
1863 }
1864 this->child_sas->destroy(this->child_sas);
1865
1866 while (this->transaction_queue->remove_last(this->transaction_queue, (void**)&transaction) == SUCCESS)
1867 {
1868 transaction->destroy(transaction);
1869 }
1870 this->transaction_queue->destroy(this->transaction_queue);
1871
1872 DESTROY_IF(this->transaction_in);
1873 DESTROY_IF(this->transaction_in_next);
1874 DESTROY_IF(this->transaction_out);
1875 DESTROY_IF(this->crypter_in);
1876 DESTROY_IF(this->crypter_out);
1877 DESTROY_IF(this->signer_in);
1878 DESTROY_IF(this->signer_out);
1879 DESTROY_IF(this->prf);
1880 DESTROY_IF(this->child_prf);
1881 DESTROY_IF(this->prf_auth_i);
1882 DESTROY_IF(this->prf_auth_r);
1883
1884 this->logger->log(this->logger, AUDIT,
1885 "IKE_SA deleted between %s[%s]...%s[%s]",
1886 this->my_host->get_string(this->my_host),
1887 this->my_id->get_string(this->my_id),
1888 this->other_host->get_string(this->other_host),
1889 this->other_id->get_string(this->other_id));
1890
1891 DESTROY_IF(this->my_host);
1892 DESTROY_IF(this->other_host);
1893 DESTROY_IF(this->my_id);
1894 DESTROY_IF(this->other_id);
1895
1896 free(this->name);
1897 this->ike_sa_id->destroy(this->ike_sa_id);
1898 free(this);
1899 }
1900
1901 /*
1902 * Described in header.
1903 */
1904 ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
1905 {
1906 private_ike_sa_t *this = malloc_thing(private_ike_sa_t);
1907
1908 /* Public functions */
1909 this->public.get_state = (ike_sa_state_t(*)(ike_sa_t*)) get_state;
1910 this->public.set_state = (void(*)(ike_sa_t*,ike_sa_state_t)) set_state;
1911 this->public.get_name = (char*(*)(ike_sa_t*))get_name;
1912 this->public.set_name = (void(*)(ike_sa_t*,char*))set_name;
1913 this->public.process_message = (status_t(*)(ike_sa_t*, message_t*)) process_message;
1914 this->public.initiate = (status_t(*)(ike_sa_t*,connection_t*,policy_t*)) initiate;
1915 this->public.route = (status_t(*)(ike_sa_t*,connection_t*,policy_t*)) route;
1916 this->public.unroute = (status_t(*)(ike_sa_t*,policy_t*)) unroute;
1917 this->public.acquire = (status_t(*)(ike_sa_t*,u_int32_t)) acquire;
1918 this->public.get_id = (ike_sa_id_t*(*)(ike_sa_t*)) get_id;
1919 this->public.get_my_host = (host_t*(*)(ike_sa_t*)) get_my_host;
1920 this->public.set_my_host = (void(*)(ike_sa_t*,host_t*)) set_my_host;
1921 this->public.get_other_host = (host_t*(*)(ike_sa_t*)) get_other_host;
1922 this->public.set_other_host = (void(*)(ike_sa_t*,host_t*)) set_other_host;
1923 this->public.get_my_id = (identification_t*(*)(ike_sa_t*)) get_my_id;
1924 this->public.set_my_id = (void(*)(ike_sa_t*,identification_t*)) set_my_id;
1925 this->public.get_other_id = (identification_t*(*)(ike_sa_t*)) get_other_id;
1926 this->public.set_other_id = (void(*)(ike_sa_t*,identification_t*)) set_other_id;
1927 this->public.get_next_message_id = (u_int32_t(*)(ike_sa_t*)) get_next_message_id;
1928 this->public.retransmit_request = (status_t (*) (ike_sa_t *, u_int32_t)) retransmit_request;
1929 this->public.log_status = (void (*) (ike_sa_t*,logger_t*,char*))log_status;
1930 this->public.delete = (status_t(*)(ike_sa_t*))delete_;
1931 this->public.destroy = (void(*)(ike_sa_t*))destroy;
1932 this->public.send_dpd = (status_t (*)(ike_sa_t*)) send_dpd;
1933 this->public.send_keepalive = (void (*)(ike_sa_t*)) send_keepalive;
1934 this->public.get_prf = (prf_t *(*) (ike_sa_t *)) get_prf;
1935 this->public.get_child_prf = (prf_t *(*) (ike_sa_t *)) get_child_prf;
1936 this->public.get_prf_auth_i = (prf_t *(*) (ike_sa_t *)) get_prf_auth_i;
1937 this->public.get_prf_auth_r = (prf_t *(*) (ike_sa_t *)) get_prf_auth_r;
1938 this->public.derive_keys = (status_t (*) (ike_sa_t *,proposal_t*,diffie_hellman_t*,chunk_t,chunk_t,bool,prf_t*,prf_t*)) derive_keys;
1939 this->public.add_child_sa = (void (*) (ike_sa_t*,child_sa_t*)) add_child_sa;
1940 this->public.has_child_sa = (bool(*)(ike_sa_t*,u_int32_t)) has_child_sa;
1941 this->public.get_child_sa = (child_sa_t* (*)(ike_sa_t*,protocol_id_t,u_int32_t,bool)) get_child_sa;
1942 this->public.create_child_sa_iterator = (iterator_t* (*)(ike_sa_t*)) create_child_sa_iterator;
1943 this->public.rekey_child_sa = (status_t(*)(ike_sa_t*,protocol_id_t,u_int32_t)) rekey_child_sa;
1944 this->public.delete_child_sa = (status_t(*)(ike_sa_t*,protocol_id_t,u_int32_t)) delete_child_sa;
1945 this->public.destroy_child_sa = (status_t (*)(ike_sa_t*,protocol_id_t,u_int32_t))destroy_child_sa;
1946 this->public.enable_natt = (void(*)(ike_sa_t*, bool)) enable_natt;
1947 this->public.is_natt_enabled = (bool(*)(ike_sa_t*)) is_natt_enabled;
1948 this->public.set_lifetimes = (void(*)(ike_sa_t*,u_int32_t,u_int32_t))set_lifetimes;
1949 this->public.rekey = (status_t(*)(ike_sa_t*))rekey;
1950 this->public.get_rekeying_transaction = (void*(*)(ike_sa_t*))get_rekeying_transaction;
1951 this->public.set_rekeying_transaction = (void(*)(ike_sa_t*,void*))set_rekeying_transaction;
1952 this->public.adopt_children = (void(*)(ike_sa_t*,ike_sa_t*))adopt_children;
1953
1954 /* initialize private fields */
1955 this->logger = logger_manager->get_logger(logger_manager, IKE_SA);
1956 this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
1957 this->name = strdup("(uninitialized)");
1958 this->child_sas = linked_list_create();
1959 this->my_host = host_create(AF_INET, "0.0.0.0", 0);
1960 this->other_host = host_create(AF_INET, "0.0.0.0", 0);
1961 this->my_id = identification_create_from_encoding(ID_ANY, CHUNK_INITIALIZER);
1962 this->other_id = identification_create_from_encoding(ID_ANY, CHUNK_INITIALIZER);
1963 this->crypter_in = NULL;
1964 this->crypter_out = NULL;
1965 this->signer_in = NULL;
1966 this->signer_out = NULL;
1967 this->prf = NULL;
1968 this->prf_auth_i = NULL;
1969 this->prf_auth_r = NULL;
1970 this->child_prf = NULL;
1971 this->nat_here = FALSE;
1972 this->nat_there = FALSE;
1973 this->transaction_queue = linked_list_create();
1974 this->transaction_in = NULL;
1975 this->transaction_in_next = NULL;
1976 this->transaction_out = NULL;
1977 this->rekeying_transaction = NULL;
1978 this->state = IKE_CREATED;
1979 this->message_id_out = 0;
1980 /* set to NOW, as when we rekey an existing IKE_SA no message is exchanged */
1981 this->time.inbound = this->time.outbound = time(NULL);
1982 this->time.established = 0;
1983 this->time.rekey = 0;
1984 this->time.delete = 0;
1985
1986 return &this->public;
1987 }