14f72d49502d4d661c59825529d29f0b5774e3d7
[strongswan.git] / src / charon / sa / ike_sa.c
1 /**
2 * @file ike_sa.c
3 *
4 * @brief Implementation of ike_sa_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
10 * Copyright (C) 2005-2006 Martin Willi
11 * Copyright (C) 2005 Jan Hutter
12 * Hochschule fuer Technik Rapperswil
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 */
24
25 #include <sys/time.h>
26 #include <string.h>
27
28 #include "ike_sa.h"
29
30 #include <types.h>
31 #include <daemon.h>
32 #include <definitions.h>
33 #include <utils/linked_list.h>
34 #include <utils/logger_manager.h>
35 #include <crypto/diffie_hellman.h>
36 #include <crypto/prf_plus.h>
37 #include <crypto/crypters/crypter.h>
38 #include <crypto/hashers/hasher.h>
39 #include <encoding/payloads/sa_payload.h>
40 #include <encoding/payloads/nonce_payload.h>
41 #include <encoding/payloads/ke_payload.h>
42 #include <encoding/payloads/delete_payload.h>
43 #include <encoding/payloads/transform_substructure.h>
44 #include <encoding/payloads/transform_attribute.h>
45 #include <encoding/payloads/ts_payload.h>
46 #include <sa/transactions/transaction.h>
47 #include <sa/transactions/ike_sa_init.h>
48 #include <sa/transactions/delete_ike_sa.h>
49 #include <sa/transactions/create_child_sa.h>
50 #include <sa/transactions/delete_child_sa.h>
51 #include <sa/transactions/dead_peer_detection.h>
52 #include <queues/jobs/retransmit_request_job.h>
53 #include <queues/jobs/delete_established_ike_sa_job.h>
54 #include <queues/jobs/delete_half_open_ike_sa_job.h>
55 #include <queues/jobs/send_dpd_job.h>
56 #include <queues/jobs/send_keepalive_job.h>
57
58
59 /**
60 * String mappings for ike_sa_state_t.
61 */
62 mapping_t ike_sa_state_m[] = {
63 {IKE_CREATED, "CREATED"},
64 {IKE_CONNECTING, "CONNECTING"},
65 {IKE_ESTABLISHED, "ESTABLISHED"},
66 {IKE_DELETING, "DELETING"},
67 {MAPPING_END, NULL}
68 };
69
70
71 typedef struct private_ike_sa_t private_ike_sa_t;
72
73 /**
74 * Private data of an ike_sa_t object.
75 */
76 struct private_ike_sa_t {
77
78 /**
79 * Public members
80 */
81 ike_sa_t public;
82
83 /**
84 * Identifier for the current IKE_SA.
85 */
86 ike_sa_id_t *ike_sa_id;
87
88 /**
89 * Linked List containing the child sa's of the current IKE_SA.
90 */
91 linked_list_t *child_sas;
92
93 /**
94 * Current state of the IKE_SA
95 */
96 ike_sa_state_t state;
97
98 /**
99 * Connection definition used for this IKE_SA
100 */
101 connection_t *connection;
102
103 /**
104 * Policy definition used for this IKE_SA
105 */
106 policy_t *policy;
107
108 /**
109 * crypter for inbound traffic
110 */
111 crypter_t *crypter_in;
112
113 /**
114 * crypter for outbound traffic
115 */
116 crypter_t *crypter_out;
117
118 /**
119 * Signer for inbound traffic
120 */
121 signer_t *signer_in;
122
123 /**
124 * Signer for outbound traffic
125 */
126 signer_t *signer_out;
127
128 /**
129 * Multi purpose prf, set key, use it, forget it
130 */
131 prf_t *prf;
132
133 /**
134 * Prf function for derivating keymat child SAs
135 */
136 prf_t *child_prf;
137
138 /**
139 * PRF, with key set to pi_key, used for authentication
140 */
141 prf_t *prf_auth_i;
142
143 /**
144 * PRF, with key set to pr_key, used for authentication
145 */
146 prf_t *prf_auth_r;
147
148 /**
149 * A logger for this IKE_SA.
150 */
151 logger_t *logger;
152
153 /**
154 * NAT hasher.
155 */
156 hasher_t *nat_hasher;
157
158 /**
159 * NAT status of local host.
160 */
161 bool nat_here;
162
163 /**
164 * NAT status of remote host.
165 */
166 bool nat_there;
167
168 /**
169 * message ID for next outgoung request
170 */
171 u_int32_t message_id_out;
172
173 /**
174 * Timestamp of last IKE message received on this SA
175 */
176 time_t time_inbound;
177
178 /**
179 * Timestamp of last IKE message sent on this SA
180 */
181 time_t time_outbound;
182
183 /**
184 * List of queued transactions to process
185 */
186 linked_list_t *transaction_queue;
187
188 /**
189 * Transaction currently initiated
190 * (only one supported yet, window size = 1)
191 */
192 transaction_t *transaction_out;
193
194 /**
195 * last transaction initiated by peer processed.
196 * (only one supported yet, window size = 1)
197 * Stored for retransmission.
198 */
199 transaction_t *transaction_in;
200
201 /**
202 * Next incoming transaction expected. Used to
203 * do multi transaction operations.
204 */
205 transaction_t *transaction_in_next;
206 };
207
208 /**
209 * get the time of the latest traffic processed by the kernel
210 */
211 static time_t get_esp_time(private_ike_sa_t* this, bool inbound)
212 {
213 iterator_t *iterator;
214 child_sa_t *child_sa;
215 time_t latest = 0, use_time;
216
217 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
218 while (iterator->iterate(iterator, (void**)&child_sa))
219 {
220 if (child_sa->get_use_time(child_sa, inbound, &use_time) == SUCCESS)
221 {
222 latest = max(latest, use_time);
223 }
224 }
225 iterator->destroy(iterator);
226
227 return latest;
228 }
229
230 /**
231 * get the time of the latest received traffice
232 */
233 static time_t get_time_inbound(private_ike_sa_t *this)
234 {
235 return max(this->time_inbound, get_esp_time(this, TRUE));
236 }
237
238 /**
239 * get the time of the latest sent traffic
240 */
241 static time_t get_time_outbound(private_ike_sa_t *this)
242 {
243 return max(this->time_outbound, get_esp_time(this, FALSE));
244 }
245
246
247 /**
248 * Update connection host, as addresses may change (NAT)
249 */
250 static void update_hosts(private_ike_sa_t *this, host_t *me, host_t *other)
251 {
252 /*
253 * Quoting RFC 4306:
254 *
255 * 2.11. Address and Port Agility
256 *
257 * IKE runs over UDP ports 500 and 4500, and implicitly sets up ESP and
258 * AH associations for the same IP addresses it runs over. The IP
259 * addresses and ports in the outer header are, however, not themselves
260 * cryptographically protected, and IKE is designed to work even through
261 * Network Address Translation (NAT) boxes. An implementation MUST
262 * accept incoming requests even if the source port is not 500 or 4500,
263 * and MUST respond to the address and port from which the request was
264 * received. It MUST specify the address and port at which the request
265 * was received as the source address and port in the response. IKE
266 * functions identically over IPv4 or IPv6.
267 *
268 * [...]
269 *
270 * There are cases where a NAT box decides to remove mappings that
271 * are still alive (for example, the keepalive interval is too long,
272 * or the NAT box is rebooted). To recover in these cases, hosts
273 * that are not behind a NAT SHOULD send all packets (including
274 * retransmission packets) to the IP address and port from the last
275 * valid authenticated packet from the other end (i.e., dynamically
276 * update the address). A host behind a NAT SHOULD NOT do this
277 * because it opens a DoS attack possibility. Any authenticated IKE
278 * packet or any authenticated UDP-encapsulated ESP packet can be
279 * used to detect that the IP address or the port has changed.
280 */
281 host_t *old_other = NULL;
282 iterator_t *iterator = NULL;
283 child_sa_t *child_sa = NULL;
284 int my_changes, other_changes;
285
286 my_changes = me->get_differences(me, this->connection->get_my_host(this->connection));
287
288 old_other = this->connection->get_other_host(this->connection);
289 other_changes = other->get_differences(other, old_other);
290
291 if (!my_changes && !other_changes)
292 {
293 return;
294 }
295
296 if (my_changes)
297 {
298 this->connection->update_my_host(this->connection, me->clone(me));
299 }
300
301 if (!this->nat_here)
302 {
303 /* update without restrictions if we are not NATted */
304 if (other_changes)
305 {
306 this->connection->update_other_host(this->connection, other->clone(other));
307 }
308 }
309 else
310 {
311 /* if we are natted, only port may change */
312 if (other_changes & HOST_DIFF_ADDR)
313 {
314 return;
315 }
316 else if (other_changes & HOST_DIFF_PORT)
317 {
318 old_other->set_port(old_other, other->get_port(other));
319 }
320 }
321 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
322 while (iterator->iterate(iterator, (void**)&child_sa))
323 {
324 child_sa->update_hosts(child_sa,
325 this->connection->get_my_host(this->connection),
326 this->connection->get_other_host(this->connection),
327 my_changes, other_changes);
328 /* TODO: what to do if update fails? Delete CHILD_SA? */
329 }
330 iterator->destroy(iterator);
331 }
332
333 /**
334 * send a request and schedule retransmission
335 */
336 static status_t transmit_request(private_ike_sa_t *this)
337 {
338 message_t *request;
339 packet_t *packet;
340 status_t status;
341 retransmit_request_job_t *job;
342 u_int32_t transmitted;
343 u_int32_t timeout;
344 transaction_t *transaction = this->transaction_out;
345 u_int32_t message_id = transaction->get_message_id(transaction);
346
347 transmitted = transaction->requested(transaction);
348 timeout = charon->configuration->get_retransmit_timeout(charon->configuration,
349 transmitted);
350 if (timeout == 0)
351 {
352 this->logger->log(this->logger, ERROR,
353 "giving up after %d retransmits, deleting IKE_SA",
354 transmitted - 1);
355 return DESTROY_ME;
356 }
357
358 status = transaction->get_request(transaction, &request);
359 if (status != SUCCESS)
360 {
361 return status;
362 }
363 /* if we retransmit, the request is already generated */
364 if (transmitted == 0)
365 {
366 status = request->generate(request, this->crypter_out, this->signer_out, &packet);
367 if (status != SUCCESS)
368 {
369 return FAILED;
370 }
371 }
372 else
373 {
374 this->logger->log(this->logger, CONTROL,
375 "sending retransmit %d for %s request with message ID %d",
376 transmitted,
377 mapping_find(exchange_type_m, request->get_exchange_type(request)),
378 message_id);
379 packet = request->get_packet(request);
380 }
381 /* finally send */
382 charon->send_queue->add(charon->send_queue, packet);
383 this->time_outbound = time(NULL);
384
385 /* schedule retransmission job */
386 job = retransmit_request_job_create(message_id, this->ike_sa_id);
387 charon->event_queue->add_relative(charon->event_queue, (job_t*)job, timeout);
388 return SUCCESS;
389 }
390
391 /**
392 * Implementation of ike_sa.retransmit_request.
393 */
394 static status_t retransmit_request(private_ike_sa_t *this, u_int32_t message_id)
395 {
396 if (this->transaction_out == NULL ||
397 this->transaction_out->get_message_id(this->transaction_out) != message_id)
398 {
399 /* no retransmit necessary, transaction did already complete */
400 return SUCCESS;
401 }
402 return transmit_request(this);
403 }
404
405 /**
406 * Check for transactions in the queue and initiate the first transaction found.
407 */
408 static status_t process_transaction_queue(private_ike_sa_t *this)
409 {
410 if (this->transaction_out)
411 {
412 /* already a transaction in progress */
413 return SUCCESS;
414 }
415
416 while (TRUE)
417 {
418 if (this->transaction_queue->remove_first(this->transaction_queue,
419 (void**)&this->transaction_out) != SUCCESS)
420 {
421 /* transaction queue empty */
422 return SUCCESS;
423 }
424 switch (transmit_request(this))
425 {
426 case SUCCESS:
427 return SUCCESS;
428 case DESTROY_ME:
429 /* critical, IKE_SA unusable, destroy immediately */
430 this->logger->log(this->logger, ERROR,
431 "transaction initiaton failed, deleting IKE_SA");
432 return DESTROY_ME;
433 default:
434 /* discard transaction, process next one */
435 this->logger->log(this->logger, ERROR,
436 "transaction initiation failed, discarded");
437 this->transaction_out->destroy(this->transaction_out);
438 this->transaction_out = NULL;
439 /* handle next transaction */
440 continue;
441 }
442 }
443 }
444
445 /**
446 * Queue a new transaction and execute the next outstanding transaction
447 */
448 static status_t queue_transaction(private_ike_sa_t *this, transaction_t *transaction, bool prefer)
449 {
450 /* inject next transaction */
451 if (transaction)
452 {
453 if (prefer)
454 {
455 this->transaction_queue->insert_first(this->transaction_queue, transaction);
456 }
457 else
458 {
459 this->transaction_queue->insert_last(this->transaction_queue, transaction);
460 }
461 }
462 /* process a transaction */
463 return process_transaction_queue(this);
464 }
465
466 /**
467 * process an incoming request.
468 */
469 static status_t process_request(private_ike_sa_t *this, message_t *request)
470 {
471 transaction_t *last, *current = NULL;
472 message_t *response;
473 packet_t *packet;
474 u_int32_t request_mid;
475 status_t status;
476
477 request_mid = request->get_message_id(request);
478 last = this->transaction_in;
479
480 /* check if message ID is correct */
481 if (last)
482 {
483 u_int32_t last_mid = last->get_message_id(last);
484
485 if (last_mid == request_mid)
486 {
487 /* retransmit detected */
488 this->logger->log(this->logger, ERROR,
489 "received retransmitted request for message ID %d, retransmitting response",
490 request_mid);
491 last->get_response(last, request, &response, &this->transaction_in_next);
492 packet = response->get_packet(response);
493 charon->send_queue->add(charon->send_queue, packet);
494 this->time_outbound = time(NULL);
495 return SUCCESS;
496 }
497
498 if (last_mid > request_mid)
499 {
500 /* something seriously wrong here, message id may not decrease */
501 this->logger->log(this->logger, ERROR,
502 "received request with message ID %d, excepted %d, ingored",
503 request_mid, last_mid + 1);
504 return FAILED;
505 }
506 /* we allow jumps in message IDs, as long as they are incremental */
507 if (last_mid + 1 < request_mid)
508 {
509 this->logger->log(this->logger, ERROR,
510 "received request with message ID %d, excepted %d",
511 request_mid, last_mid + 1);
512 }
513 }
514 else
515 {
516 if (request_mid != 0)
517 {
518 /* warn, but allow it */
519 this->logger->log(this->logger, CONTROL,
520 "first received request has message ID %d, excepted 0",
521 request_mid);
522 }
523 }
524
525 /* check if we already have a pre-created transaction for this request */
526 if (this->transaction_in_next)
527 {
528 current = this->transaction_in_next;
529 this->transaction_in_next = NULL;
530 }
531 else
532 {
533 current = transaction_create(&this->public, request);
534 if (current == NULL)
535 {
536 this->logger->log(this->logger, ERROR,
537 "no idea how to handle received message (%d), ignored",
538 request->get_exchange_type(request));
539 return FAILED;
540 }
541 }
542
543 /* send message. get_request() always gives a valid response */
544 status = current->get_response(current, request, &response, &this->transaction_in_next);
545 if (response->generate(response, this->crypter_out, this->signer_out, &packet) != SUCCESS)
546 {
547 this->logger->log(this->logger, ERROR,
548 "response generation failed, discarding transaction");
549 current->destroy(current);
550 return FAILED;
551 }
552
553 charon->send_queue->add(charon->send_queue, packet);
554 this->time_outbound = time(NULL);
555 /* act depending on transaction result */
556 switch (status)
557 {
558 case DESTROY_ME:
559 /* transactions says we should destroy the IKE_SA, so do it */
560 current->destroy(current);
561 return DESTROY_ME;
562 default:
563 /* store for retransmission, destroy old transaction */
564 this->transaction_in = current;
565 if (last)
566 {
567 last->destroy(last);
568 }
569 return SUCCESS;
570 }
571 }
572
573 /**
574 * process an incoming response
575 */
576 static status_t process_response(private_ike_sa_t *this, message_t *response)
577 {
578 transaction_t *current, *new = NULL;
579
580 current = this->transaction_out;
581 /* check if message ID is that of our currently active transaction */
582 if (current == NULL ||
583 current->get_message_id(current) !=
584 response->get_message_id(response))
585 {
586 this->logger->log(this->logger, ERROR,
587 "received response with message ID %d not requested, ignored");
588 return FAILED;
589 }
590
591 switch (current->conclude(current, response, &new))
592 {
593 case DESTROY_ME:
594 /* state requested to destroy IKE_SA */
595 return DESTROY_ME;
596 default:
597 /* discard transaction, process next one */
598 break;
599 }
600 /* transaction comleted, remove */
601 current->destroy(current);
602 this->transaction_out = NULL;
603
604 /* queue new transaction */
605 return queue_transaction(this, new, TRUE);
606 }
607
608 /**
609 * send a notify back to the sender
610 */
611 static void send_notify_response(private_ike_sa_t *this,
612 message_t *request,
613 notify_type_t type)
614 {
615 notify_payload_t *notify;
616 message_t *response;
617 host_t *src, *dst;
618 packet_t *packet;
619
620 response = message_create();
621 dst = request->get_source(request);
622 src = request->get_destination(request);
623 response->set_source(response, src->clone(src));
624 response->set_destination(response, dst->clone(dst));
625 response->set_exchange_type(response, request->get_exchange_type(request));
626 response->set_request(response, FALSE);
627 response->set_message_id(response, request->get_message_id(request));
628 response->set_ike_sa_id(response, this->ike_sa_id);
629 notify = notify_payload_create_from_protocol_and_type(PROTO_NONE, type);
630 response->add_payload(response, (payload_t *)notify);
631 if (response->generate(response, this->crypter_out, this->signer_out, &packet) != SUCCESS)
632 {
633 response->destroy(response);
634 return;
635 }
636 charon->send_queue->add(charon->send_queue, packet);
637 this->time_outbound = time(NULL);
638 response->destroy(response);
639 return;
640 }
641
642
643 /**
644 * Implementation of ike_sa_t.process_message.
645 */
646 static status_t process_message(private_ike_sa_t *this, message_t *message)
647 {
648 status_t status;
649 bool is_request;
650
651 is_request = message->get_request(message);
652
653 status = message->parse_body(message, this->crypter_in, this->signer_in);
654 if (status != SUCCESS)
655 {
656 switch (status)
657 {
658 case NOT_SUPPORTED:
659 this->logger->log(this->logger, ERROR,
660 "ciritcal unknown payloads found");
661 if (is_request)
662 {
663 send_notify_response(this, message, UNSUPPORTED_CRITICAL_PAYLOAD);
664 }
665 break;
666 case PARSE_ERROR:
667 this->logger->log(this->logger, ERROR,
668 "message parsing failed");
669 if (is_request)
670 {
671 send_notify_response(this, message, INVALID_SYNTAX);
672 }
673 break;
674 case VERIFY_ERROR:
675 this->logger->log(this->logger, ERROR,
676 "message verification failed");
677 if (is_request)
678 {
679 send_notify_response(this, message, INVALID_SYNTAX);
680 }
681 break;
682 case FAILED:
683 this->logger->log(this->logger, ERROR,
684 "integrity check failed");
685 /* ignored */
686 break;
687 case INVALID_STATE:
688 this->logger->log(this->logger, ERROR,
689 "found encrypted message, but no keys available");
690 if (is_request)
691 {
692 send_notify_response(this, message, INVALID_SYNTAX);
693 }
694 default:
695 break;
696 }
697 this->logger->log(this->logger, ERROR,
698 "%s %s with message ID %d processing failed",
699 mapping_find(exchange_type_m, message->get_exchange_type(message)),
700 message->get_request(message) ? "request" : "response",
701 message->get_message_id(message));
702 }
703 else
704 {
705 /* check if message is trustworthy, and update connection information */
706 if ((this->state == IKE_CREATED && this->connection) ||
707 message->get_exchange_type(message) != IKE_SA_INIT)
708 {
709 update_hosts(this, message->get_destination(message),
710 message->get_source(message));
711 this->time_inbound = time(NULL);
712 }
713 if (is_request)
714 {
715 status = process_request(this, message);
716 }
717 else
718 {
719 status = process_response(this, message);
720 }
721 }
722 return status;
723 }
724
725 /**
726 * Implementation of ike_sa_t.initiate.
727 */
728 static status_t initiate(private_ike_sa_t *this, connection_t *connection)
729 {
730 ike_sa_init_t *ike_sa_init;
731
732 /* set connection and policy */
733 this->connection = connection;
734 this->policy = charon->policies->get_policy_by_name(charon->policies,
735 this->connection->get_name(this->connection));
736 if (this->policy == NULL)
737 {
738 this->logger->log(this->logger, ERROR,
739 "no policy found for connection %s, aborting",
740 connection->get_name(connection));
741 return DESTROY_ME;
742 }
743 this->message_id_out = 1;
744 ike_sa_init = ike_sa_init_create(&this->public);
745 return queue_transaction(this, (transaction_t*)ike_sa_init, TRUE);
746 }
747
748 /**
749 * Implementation of ike_sa_t.send_dpd
750 */
751 static status_t send_dpd(private_ike_sa_t *this)
752 {
753 send_dpd_job_t *job;
754 time_t diff, interval;
755 status_t status = SUCCESS;
756
757 interval = charon->configuration->get_dpd_interval(charon->configuration);
758
759 if (this->transaction_out)
760 {
761 /* there is a transaction in progress. Come back later */
762 diff = 0;
763 }
764 else
765 {
766 /* check if there was any inbound traffic */
767 time_t last_in, now;
768 last_in = get_time_inbound(this);
769 now = time(NULL);
770 diff = now - last_in;
771 if (diff >= interval)
772 {
773 /* to long ago, initiate dead peer detection */
774 dead_peer_detection_t *dpd;
775 this->logger->log(this->logger, CONTROL, "sending DPD request");
776 dpd = dead_peer_detection_create(&this->public);
777 status = queue_transaction(this, (transaction_t*)dpd, FALSE);
778 diff = 0;
779 }
780 }
781 /* recheck in "interval" seconds */
782 job = send_dpd_job_create(this->ike_sa_id);
783 charon->event_queue->add_relative(charon->event_queue, (job_t*)job,
784 (interval - diff) * 1000);
785 return SUCCESS;
786 }
787
788 /**
789 * Implementation of ike_sa_t.send_keepalive
790 */
791 static void send_keepalive(private_ike_sa_t *this)
792 {
793 send_keepalive_job_t *job;
794 time_t last_out, now, diff, interval;
795
796 last_out = get_time_outbound(this);
797 now = time(NULL);
798
799 diff = now - last_out;
800 interval = charon->configuration->get_keepalive_interval(charon->configuration);
801
802 if (diff >= interval)
803 {
804 host_t *me, *other;
805 packet_t *packet;
806 chunk_t data;
807
808 packet = packet_create();
809 me = this->connection->get_my_host(this->connection);
810 other = this->connection->get_other_host(this->connection);
811 packet->set_source(packet, me->clone(me));
812 packet->set_destination(packet, other->clone(other));
813 data.ptr = malloc(1);
814 data.ptr[0] = 0xFF;
815 data.len = 1;
816 packet->set_data(packet, data);
817 charon->send_queue->add(charon->send_queue, packet);
818 this->logger->log(this->logger, CONTROL, "sending keep alive");
819 diff = 0;
820 }
821 job = send_keepalive_job_create(this->ike_sa_id);
822 charon->event_queue->add_relative(charon->event_queue, (job_t*)job,
823 (interval - diff) * 1000);
824 }
825
826 /**
827 * Implementation of ike_sa_t.get_state.
828 */
829 static ike_sa_state_t get_state(private_ike_sa_t *this)
830 {
831 return this->state;
832 }
833
834 /**
835 * Implementation of ike_sa_t.set_state.
836 */
837 static void set_state(private_ike_sa_t *this, ike_sa_state_t state)
838 {
839 this->logger->log(this->logger, CONTROL, "state change: %s => %s",
840 mapping_find(ike_sa_state_m, this->state),
841 mapping_find(ike_sa_state_m, state));
842 if (state == IKE_ESTABLISHED)
843 {
844 host_t *my_host, *other_host;
845 identification_t *my_id, *other_id;
846 my_host = this->connection->get_my_host(this->connection);
847 other_host = this->connection->get_other_host(this->connection);
848 my_id = this->policy->get_my_id(this->policy);
849 other_id = this->policy->get_other_id(this->policy);
850 this->logger->log(this->logger, AUDIT, "IKE_SA established: %s[%s]...%s[%s]",
851 my_host->get_address(my_host),
852 my_id->get_string(my_id),
853 other_host->get_address(other_host),
854 other_id->get_string(other_id));
855
856 send_dpd(this);
857 }
858 this->state = state;
859 }
860
861 /**
862 * Implementation of protected_ike_sa_t.get_connection.
863 */
864 static connection_t *get_connection(private_ike_sa_t *this)
865 {
866 return this->connection;
867 }
868
869 /**
870 * Implementation of protected_ike_sa_t.set_connection.
871 */
872 static void set_connection(private_ike_sa_t *this,connection_t * connection)
873 {
874 this->connection = connection;
875 }
876
877 /**
878 * Implementation of protected_ike_sa_t.get_policy.
879 */
880 static policy_t *get_policy(private_ike_sa_t *this)
881 {
882 return this->policy;
883 }
884
885 /**
886 * Implementation of protected_ike_sa_t.set_policy.
887 */
888 static void set_policy(private_ike_sa_t *this,policy_t * policy)
889 {
890 this->policy = policy;
891 }
892
893 /**
894 * Implementation of protected_ike_sa_t.get_prf.
895 */
896 static prf_t *get_prf(private_ike_sa_t *this)
897 {
898 return this->prf;
899 }
900
901 /**
902 * Implementation of protected_ike_sa_t.get_prf.
903 */
904 static prf_t *get_child_prf(private_ike_sa_t *this)
905 {
906 return this->child_prf;
907 }
908
909 /**
910 * Implementation of protected_ike_sa_t.get_prf_auth_i.
911 */
912 static prf_t *get_prf_auth_i(private_ike_sa_t *this)
913 {
914 return this->prf_auth_i;
915 }
916
917 /**
918 * Implementation of protected_ike_sa_t.get_prf_auth_r.
919 */
920 static prf_t *get_prf_auth_r(private_ike_sa_t *this)
921 {
922 return this->prf_auth_r;
923 }
924 /**
925 * Implementation of ike_sa_t.get_id.
926 */
927 static ike_sa_id_t* get_id(private_ike_sa_t *this)
928 {
929 return this->ike_sa_id;
930 }
931
932 /**
933 * Implementation of protected_ike_sa_t.build_transforms.
934 */
935 static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal,
936 diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r,
937 bool initiator)
938 {
939 chunk_t nonces, nonces_spis, skeyseed, key, secret;
940 u_int64_t spi_i, spi_r;
941 prf_plus_t *prf_plus;
942 algorithm_t *algo;
943 size_t key_size;
944 crypter_t *crypter_i, *crypter_r;
945 signer_t *signer_i, *signer_r;
946
947 /* Build the PRF+ instance for deriving keys */
948 if (!proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo))
949 {
950 this->logger->log(this->logger, ERROR, "no PSEUDO_RANDOM_FUNCTION selected!");
951 return FAILED;
952 }
953 this->prf = prf_create(algo->algorithm);
954 if (this->prf == NULL)
955 {
956 this->logger->log(this->logger, ERROR, "PSEUDO_RANDOM_FUNCTION %s not supported!",
957 mapping_find(pseudo_random_function_m, algo->algorithm));
958 return FAILED;
959 }
960
961 /* nonces = nonce_i | nonce_r */
962 nonces = chunk_alloc(nonce_i.len + nonce_r.len);
963 memcpy(nonces.ptr, nonce_i.ptr, nonce_i.len);
964 memcpy(nonces.ptr + nonce_i.len, nonce_r.ptr, nonce_r.len);
965
966 /* prf_seed = nonce_i | nonce_r | spi_i | spi_r */
967 nonces_spis = chunk_alloc(nonces.len + 16);
968 memcpy(nonces_spis.ptr, nonces.ptr, nonces.len);
969 spi_i = this->ike_sa_id->get_initiator_spi(this->ike_sa_id);
970 spi_r = this->ike_sa_id->get_responder_spi(this->ike_sa_id);
971 memcpy(nonces_spis.ptr + nonces.len, &spi_i, 8);
972 memcpy(nonces_spis.ptr + nonces.len + 8, &spi_r, 8);
973
974 /* SKEYSEED = prf(Ni | Nr, g^ir) */
975 dh->get_shared_secret(dh, &secret);
976 this->logger->log_chunk(this->logger, PRIVATE, "shared Diffie Hellman secret", secret);
977 this->prf->set_key(this->prf, nonces);
978 this->prf->allocate_bytes(this->prf, secret, &skeyseed);
979 this->logger->log_chunk(this->logger, PRIVATE|LEVEL1, "SKEYSEED", skeyseed);
980 chunk_free(&secret);
981
982 /* prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr )
983 * = SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr
984 */
985 this->prf->set_key(this->prf, skeyseed);
986 prf_plus = prf_plus_create(this->prf, nonces_spis);
987
988 /* clean up unused stuff */
989 chunk_free(&nonces);
990 chunk_free(&nonces_spis);
991 chunk_free(&skeyseed);
992
993 /* SK_d used for prf+ to derive keys for child SAs */
994 this->child_prf = prf_create(algo->algorithm);
995 key_size = this->child_prf->get_key_size(this->child_prf);
996 prf_plus->allocate_bytes(prf_plus, key_size, &key);
997 this->logger->log_chunk(this->logger, PRIVATE, "Sk_d secret", key);
998 this->child_prf->set_key(this->child_prf, key);
999 chunk_free(&key);
1000
1001 /* SK_ai/SK_ar used for integrity protection */
1002 if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &algo))
1003 {
1004 this->logger->log(this->logger, ERROR, "no INTEGRITY_ALGORITHM selected?!");
1005 return FAILED;
1006 }
1007
1008 signer_i = signer_create(algo->algorithm);
1009 signer_r = signer_create(algo->algorithm);
1010 if (signer_i == NULL || signer_r == NULL)
1011 {
1012 this->logger->log(this->logger, ERROR, "INTEGRITY_ALGORITHM %s not supported!",
1013 mapping_find(integrity_algorithm_m,algo->algorithm));
1014 return FAILED;
1015 }
1016 key_size = signer_i->get_key_size(signer_i);
1017
1018 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1019 this->logger->log_chunk(this->logger, CONTROL|LEVEL1, "Sk_ai secret", key);
1020 signer_i->set_key(signer_i, key);
1021 chunk_free(&key);
1022
1023 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1024 this->logger->log_chunk(this->logger, CONTROL|LEVEL1, "Sk_ar secret", key);
1025 signer_r->set_key(signer_r, key);
1026 chunk_free(&key);
1027
1028 if (initiator)
1029 {
1030 this->signer_in = signer_r;
1031 this->signer_out = signer_i;
1032 }
1033 else
1034 {
1035 this->signer_in = signer_i;
1036 this->signer_out = signer_r;
1037 }
1038
1039 /* SK_ei/SK_er used for encryption */
1040 if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &algo))
1041 {
1042 this->logger->log(this->logger, ERROR, "no ENCRYPTION_ALGORITHM selected!");
1043 return FAILED;
1044 }
1045 crypter_i = crypter_create(algo->algorithm, algo->key_size / 8);
1046 crypter_r = crypter_create(algo->algorithm, algo->key_size / 8);
1047 if (crypter_i == NULL || crypter_r == NULL)
1048 {
1049 this->logger->log(this->logger, ERROR,
1050 "ENCRYPTION_ALGORITHM %s (key size %d) not supported!",
1051 mapping_find(encryption_algorithm_m, algo->algorithm),
1052 algo->key_size);
1053 return FAILED;
1054 }
1055 key_size = crypter_i->get_key_size(crypter_i);
1056
1057 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1058 this->logger->log_chunk(this->logger, PRIVATE, "Sk_ei secret", key);
1059 crypter_i->set_key(crypter_i, key);
1060 chunk_free(&key);
1061
1062 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1063 this->logger->log_chunk(this->logger, PRIVATE, "Sk_er secret", key);
1064 crypter_r->set_key(crypter_r, key);
1065 chunk_free(&key);
1066
1067 if (initiator)
1068 {
1069 this->crypter_in = crypter_r;
1070 this->crypter_out = crypter_i;
1071 }
1072 else
1073 {
1074 this->crypter_in = crypter_i;
1075 this->crypter_out = crypter_r;
1076 }
1077
1078 /* SK_pi/SK_pr used for authentication */
1079 proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo);
1080 this->prf_auth_i = prf_create(algo->algorithm);
1081 this->prf_auth_r = prf_create(algo->algorithm);
1082
1083 key_size = this->prf_auth_i->get_key_size(this->prf_auth_i);
1084 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1085 this->logger->log_chunk(this->logger, PRIVATE, "Sk_pi secret", key);
1086 this->prf_auth_i->set_key(this->prf_auth_i, key);
1087 chunk_free(&key);
1088
1089 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1090 this->logger->log_chunk(this->logger, PRIVATE, "Sk_pr secret", key);
1091 this->prf_auth_r->set_key(this->prf_auth_r, key);
1092 chunk_free(&key);
1093
1094 /* all done, prf_plus not needed anymore */
1095 prf_plus->destroy(prf_plus);
1096
1097 return SUCCESS;
1098 }
1099
1100 /**
1101 * Implementation of protected_ike_sa_t.add_child_sa.
1102 */
1103 static void add_child_sa(private_ike_sa_t *this, child_sa_t *child_sa)
1104 {
1105 this->child_sas->insert_last(this->child_sas, child_sa);
1106 }
1107
1108 /**
1109 * Implementation of protected_ike_sa_t.get_child_sa.
1110 */
1111 static child_sa_t* get_child_sa(private_ike_sa_t *this, protocol_id_t protocol,
1112 u_int32_t spi, bool inbound)
1113 {
1114 iterator_t *iterator;
1115 child_sa_t *current, *found = NULL;
1116
1117 iterator = this->child_sas->create_iterator(this->child_sas, FALSE);
1118 while (iterator->has_next(iterator))
1119 {
1120 iterator->current(iterator, (void**)&current);
1121 if (current->get_spi(current, inbound) == spi &&
1122 current->get_protocol(current) == protocol)
1123 {
1124 found = current;
1125 }
1126 }
1127 iterator->destroy(iterator);
1128 return found;
1129 }
1130
1131 /**
1132 * Implementation of ike_sa_t.rekey_child_sa.
1133 */
1134 static status_t rekey_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
1135 {
1136 create_child_sa_t *rekey;
1137 child_sa_t *child_sa;
1138
1139 child_sa = get_child_sa(this, protocol, spi, TRUE);
1140 if (child_sa == NULL)
1141 {
1142 return NOT_FOUND;
1143 }
1144
1145 rekey = create_child_sa_create(&this->public);
1146 rekey->rekeys_child(rekey, child_sa);
1147 return queue_transaction(this, (transaction_t*)rekey, FALSE);
1148 }
1149
1150 /**
1151 * Implementation of ike_sa_t.delete_child_sa.
1152 */
1153 static status_t delete_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
1154 {
1155 delete_child_sa_t *del;
1156 child_sa_t *child_sa;
1157
1158 child_sa = get_child_sa(this, protocol, spi, TRUE);
1159 if (child_sa == NULL)
1160 {
1161 return NOT_FOUND;
1162 }
1163
1164 del = delete_child_sa_create(&this->public);
1165 del->set_child_sa(del, child_sa);
1166 return queue_transaction(this, (transaction_t*)del, FALSE);
1167 }
1168
1169 /**
1170 * Implementation of protected_ike_sa_t.destroy_child_sa.
1171 */
1172 static status_t destroy_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
1173 {
1174 iterator_t *iterator;
1175 child_sa_t *child_sa;
1176 status_t status = NOT_FOUND;
1177
1178 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1179 while (iterator->iterate(iterator, (void**)&child_sa))
1180 {
1181 if (child_sa->get_protocol(child_sa) == protocol &&
1182 child_sa->get_spi(child_sa, TRUE) == spi)
1183 {
1184 child_sa->destroy(child_sa);
1185 iterator->remove(iterator);
1186 status = SUCCESS;
1187 break;
1188 }
1189 }
1190 iterator->destroy(iterator);
1191 return status;
1192 }
1193
1194
1195 /**
1196 * Implementation of protected_ike_sa_t.log_status.
1197 */
1198 static void log_status(private_ike_sa_t *this, logger_t *logger, char *name)
1199 {
1200 iterator_t *iterator;
1201 child_sa_t *child_sa;
1202 host_t *my_host, *other_host;
1203 identification_t *my_id = NULL, *other_id = NULL;
1204
1205 /* only log if name == NULL or name == connection_name */
1206 if (name)
1207 {
1208 if (streq(this->connection->get_name(this->connection), name))
1209 {
1210 return;
1211 }
1212 }
1213 my_host = this->connection->get_my_host(this->connection);
1214 other_host = this->connection->get_other_host(this->connection);
1215
1216 /* use policy information, if available */
1217 if (this->policy)
1218 {
1219 my_id = this->policy->get_my_id(this->policy);
1220 other_id = this->policy->get_other_id(this->policy);
1221 name = this->policy->get_name(this->policy);
1222 }
1223 else
1224 {
1225 name = this->connection->get_name(this->connection);
1226 }
1227
1228 if (logger == NULL)
1229 {
1230 logger = this->logger;
1231 }
1232 logger->log(logger, CONTROL|LEVEL1, " \"%s\": IKE_SA in state %s, SPIs: 0x%.16llx 0x%.16llx",
1233 name,
1234 mapping_find(ike_sa_state_m, this->state),
1235 this->ike_sa_id->get_initiator_spi(this->ike_sa_id),
1236 this->ike_sa_id->get_responder_spi(this->ike_sa_id));
1237 logger->log(logger, CONTROL, " \"%s\": %s[%s]...%s[%s]",
1238 name,
1239 my_host->get_address(my_host),
1240 my_id ? my_id->get_string(my_id) : "(unknown)",
1241 other_host->get_address(other_host),
1242 other_id ? other_id->get_string(other_id) : "(unknown)");
1243
1244 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1245 while (iterator->has_next(iterator))
1246 {
1247 iterator->current(iterator, (void**)&child_sa);
1248 child_sa->log_status(child_sa, logger, name);
1249 }
1250 iterator->destroy(iterator);
1251 }
1252
1253 /**
1254 * Implementation of public_ike_sa_t.delete.
1255 */
1256 static status_t delete_(private_ike_sa_t *this)
1257 {
1258 delete_ike_sa_t *delete_ike_sa;
1259 delete_ike_sa = delete_ike_sa_create(&this->public);
1260
1261 return queue_transaction(this, (transaction_t*)delete_ike_sa, FALSE);
1262 }
1263
1264 /**
1265 * Implementation of ike_sa_t.get_next_message_id.
1266 */
1267 static u_int32_t get_next_message_id (private_ike_sa_t *this)
1268 {
1269 return this->message_id_out++;
1270 }
1271
1272 /**
1273 * Implementation of ike_sa_t.is_natt_enabled.
1274 */
1275 static bool is_natt_enabled (private_ike_sa_t *this)
1276 {
1277 return this->nat_here || this->nat_there;
1278 }
1279
1280 /**
1281 * Implementation of protected_ike_sa_t.enable_natt.
1282 */
1283 static void enable_natt (private_ike_sa_t *this, bool local)
1284 {
1285 if (local)
1286 {
1287 this->logger->log(this->logger, CONTROL,
1288 "local host is behind NAT, using NAT-T, scheduled keep alives");
1289 this->nat_here = TRUE;
1290 send_keepalive(this);
1291 }
1292 else
1293 {
1294 this->logger->log(this->logger, CONTROL,
1295 "remote host is behind NAT, using NAT-T");
1296 this->nat_there = TRUE;
1297 }
1298 }
1299
1300 /**
1301 * Implementation of protected_ike_sa_t.destroy.
1302 */
1303 static void destroy(private_ike_sa_t *this)
1304 {
1305 child_sa_t *child_sa;
1306 transaction_t *transaction;
1307
1308 this->logger->log(this->logger, CONTROL|LEVEL2, "going to destroy IKE SA %llu:%llu, role %s",
1309 this->ike_sa_id->get_initiator_spi(this->ike_sa_id),
1310 this->ike_sa_id->get_responder_spi(this->ike_sa_id),
1311 this->ike_sa_id->is_initiator(this->ike_sa_id) ? "initiator" : "responder");
1312
1313 if (this->state == IKE_ESTABLISHED)
1314 {
1315 this->logger->log(this->logger, ERROR,
1316 "destroying an established IKE SA without knowledge from remote peer!");
1317 }
1318
1319 while (this->child_sas->remove_last(this->child_sas, (void**)&child_sa) == SUCCESS)
1320 {
1321 child_sa->destroy(child_sa);
1322 }
1323 this->child_sas->destroy(this->child_sas);
1324
1325 while (this->transaction_queue->remove_last(this->transaction_queue, (void**)&transaction) == SUCCESS)
1326 {
1327 transaction->destroy(transaction);
1328 }
1329 this->transaction_queue->destroy(this->transaction_queue);
1330 if (this->transaction_in)
1331 {
1332 this->transaction_in->destroy(this->transaction_in);
1333 }
1334 if (this->transaction_in_next)
1335 {
1336 this->transaction_in_next->destroy(this->transaction_in_next);
1337 }
1338 if (this->transaction_out)
1339 {
1340 this->transaction_out->destroy(this->transaction_out);
1341 }
1342 if (this->crypter_in)
1343 {
1344 this->crypter_in->destroy(this->crypter_in);
1345 }
1346 if (this->crypter_out)
1347 {
1348 this->crypter_out->destroy(this->crypter_out);
1349 }
1350 if (this->signer_in)
1351 {
1352 this->signer_in->destroy(this->signer_in);
1353 }
1354 if (this->signer_out)
1355 {
1356 this->signer_out->destroy(this->signer_out);
1357 }
1358 if (this->prf)
1359 {
1360 this->prf->destroy(this->prf);
1361 }
1362 if (this->child_prf)
1363 {
1364 this->child_prf->destroy(this->child_prf);
1365 }
1366 if (this->prf_auth_i)
1367 {
1368 this->prf_auth_i->destroy(this->prf_auth_i);
1369 }
1370 if (this->prf_auth_r)
1371 {
1372 this->prf_auth_r->destroy(this->prf_auth_r);
1373 }
1374 if (this->connection)
1375 {
1376 host_t *my_host, *other_host;
1377 identification_t *my_id = NULL, *other_id = NULL;
1378 my_host = this->connection->get_my_host(this->connection);
1379 other_host = this->connection->get_other_host(this->connection);
1380 if (this->policy)
1381 {
1382 my_id = this->policy->get_my_id(this->policy);
1383 other_id = this->policy->get_other_id(this->policy);
1384 }
1385
1386 this->logger->log(this->logger, AUDIT, "IKE_SA deleted between %s[%s]...%s[%s]",
1387 my_host->get_address(my_host),
1388 my_id ? my_id->get_string(my_id) : "(unknown)",
1389 other_host->get_address(other_host),
1390 other_id ? other_id->get_string(other_id) : "(unknown)");
1391 this->connection->destroy(this->connection);
1392 }
1393 if (this->policy)
1394 {
1395 this->policy->destroy(this->policy);
1396 }
1397 this->ike_sa_id->destroy(this->ike_sa_id);
1398 free(this);
1399 }
1400
1401 /*
1402 * Described in header.
1403 */
1404 ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
1405 {
1406 private_ike_sa_t *this = malloc_thing(private_ike_sa_t);
1407
1408 /* Public functions */
1409 this->public.get_state = (ike_sa_state_t(*)(ike_sa_t*)) get_state;
1410 this->public.set_state = (void(*)(ike_sa_t*,ike_sa_state_t)) set_state;
1411 this->public.process_message = (status_t(*)(ike_sa_t*, message_t*)) process_message;
1412 this->public.initiate = (status_t(*)(ike_sa_t*,connection_t*)) initiate;
1413 this->public.get_id = (ike_sa_id_t*(*)(ike_sa_t*)) get_id;
1414 this->public.get_next_message_id = (u_int32_t(*)(ike_sa_t*)) get_next_message_id;
1415 this->public.get_connection = (connection_t*(*)(ike_sa_t*)) get_connection;
1416 this->public.retransmit_request = (status_t (*) (ike_sa_t *, u_int32_t)) retransmit_request;
1417 this->public.log_status = (void (*) (ike_sa_t*,logger_t*,char*))log_status;
1418 this->public.delete = (status_t(*)(ike_sa_t*))delete_;
1419 this->public.destroy = (void(*)(ike_sa_t*))destroy;
1420 this->public.send_dpd = (status_t (*)(ike_sa_t*)) send_dpd;
1421 this->public.send_keepalive = (void (*)(ike_sa_t*)) send_keepalive;
1422 this->public.get_prf = (prf_t *(*) (ike_sa_t *)) get_prf;
1423 this->public.get_child_prf = (prf_t *(*) (ike_sa_t *)) get_child_prf;
1424 this->public.get_prf_auth_i = (prf_t *(*) (ike_sa_t *)) get_prf_auth_i;
1425 this->public.get_prf_auth_r = (prf_t *(*) (ike_sa_t *)) get_prf_auth_r;
1426 this->public.set_connection = (void (*) (ike_sa_t *,connection_t *)) set_connection;
1427 this->public.get_connection = (connection_t *(*) (ike_sa_t *)) get_connection;
1428 this->public.set_policy = (void (*) (ike_sa_t *,policy_t *)) set_policy;
1429 this->public.get_policy = (policy_t *(*) (ike_sa_t *)) get_policy;
1430 this->public.build_transforms = (status_t (*) (ike_sa_t *,proposal_t*,diffie_hellman_t*,chunk_t,chunk_t,bool)) build_transforms;
1431 this->public.add_child_sa = (void (*) (ike_sa_t*,child_sa_t*)) add_child_sa;
1432 this->public.get_child_sa = (child_sa_t* (*)(ike_sa_t*,protocol_id_t,u_int32_t,bool)) get_child_sa;
1433 this->public.rekey_child_sa = (status_t(*)(ike_sa_t*,protocol_id_t,u_int32_t)) rekey_child_sa;
1434 this->public.delete_child_sa = (status_t(*)(ike_sa_t*,protocol_id_t,u_int32_t)) delete_child_sa;
1435 this->public.destroy_child_sa = (status_t (*)(ike_sa_t*,protocol_id_t,u_int32_t))destroy_child_sa;
1436 this->public.enable_natt = (void(*)(ike_sa_t*, bool)) enable_natt;
1437 this->public.is_natt_enabled = (bool(*)(ike_sa_t*)) is_natt_enabled;
1438
1439 /* initialize private fields */
1440 this->logger = logger_manager->get_logger(logger_manager, IKE_SA);
1441 this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
1442 this->child_sas = linked_list_create();
1443 this->crypter_in = NULL;
1444 this->crypter_out = NULL;
1445 this->signer_in = NULL;
1446 this->signer_out = NULL;
1447 this->prf = NULL;
1448 this->prf_auth_i = NULL;
1449 this->prf_auth_r = NULL;
1450 this->child_prf = NULL;
1451 this->connection = NULL;
1452 this->policy = NULL;
1453 this->nat_here = FALSE;
1454 this->nat_there = FALSE;
1455 this->transaction_queue = linked_list_create();
1456 this->transaction_in = NULL;
1457 this->transaction_in_next = NULL;
1458 this->transaction_out = NULL;
1459 this->state = IKE_CREATED;
1460 /* we start with message ID out, as ike_sa_init does not use this counter */
1461 this->message_id_out = 0;
1462 this->time_inbound = 0;
1463 this->time_outbound = 0;
1464
1465 return &this->public;
1466 }