show rekeying|reauthentication time
[strongswan.git] / src / charon / sa / ike_sa.c
1 /**
2 * @file ike_sa.c
3 *
4 * @brief Implementation of ike_sa_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
10 * Copyright (C) 2005-2006 Martin Willi
11 * Copyright (C) 2005 Jan Hutter
12 * Hochschule fuer Technik Rapperswil
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 */
24
25 #include <sys/time.h>
26 #include <string.h>
27 #include <printf.h>
28
29 #include "ike_sa.h"
30
31 #include <library.h>
32 #include <daemon.h>
33 #include <utils/linked_list.h>
34 #include <crypto/diffie_hellman.h>
35 #include <crypto/prf_plus.h>
36 #include <crypto/crypters/crypter.h>
37 #include <crypto/hashers/hasher.h>
38 #include <encoding/payloads/sa_payload.h>
39 #include <encoding/payloads/nonce_payload.h>
40 #include <encoding/payloads/ke_payload.h>
41 #include <encoding/payloads/delete_payload.h>
42 #include <encoding/payloads/transform_substructure.h>
43 #include <encoding/payloads/transform_attribute.h>
44 #include <encoding/payloads/ts_payload.h>
45 #include <sa/transactions/transaction.h>
46 #include <sa/transactions/ike_sa_init.h>
47 #include <sa/transactions/delete_ike_sa.h>
48 #include <sa/transactions/create_child_sa.h>
49 #include <sa/transactions/delete_child_sa.h>
50 #include <sa/transactions/dead_peer_detection.h>
51 #include <sa/transactions/rekey_ike_sa.h>
52 #include <queues/jobs/retransmit_request_job.h>
53 #include <queues/jobs/delete_ike_sa_job.h>
54 #include <queues/jobs/send_dpd_job.h>
55 #include <queues/jobs/send_keepalive_job.h>
56 #include <queues/jobs/rekey_ike_sa_job.h>
57 #include <queues/jobs/route_job.h>
58 #include <queues/jobs/initiate_job.h>
59
60 ENUM(ike_sa_state_names, IKE_CREATED, IKE_DELETING,
61 "CREATED",
62 "CONNECTING",
63 "ESTABLISHED",
64 "REKEYING",
65 "DELETING",
66 );
67
68 typedef struct private_ike_sa_t private_ike_sa_t;
69
70 /**
71 * Private data of an ike_sa_t object.
72 */
73 struct private_ike_sa_t {
74
75 /**
76 * Public members
77 */
78 ike_sa_t public;
79
80 /**
81 * Identifier for the current IKE_SA.
82 */
83 ike_sa_id_t *ike_sa_id;
84
85 /**
86 * Current state of the IKE_SA
87 */
88 ike_sa_state_t state;
89
90 /**
91 * Name of the connection used by this IKE_SA
92 */
93 char *name;
94
95 /**
96 * Address of local host
97 */
98 host_t *my_host;
99
100 /**
101 * Address of remote host
102 */
103 host_t *other_host;
104
105 /**
106 * Identification used for us
107 */
108 identification_t *my_id;
109
110 /**
111 * Identification used for other
112 */
113 identification_t *other_id;
114
115 /**
116 * Linked List containing the child sa's of the current IKE_SA.
117 */
118 linked_list_t *child_sas;
119
120 /**
121 * crypter for inbound traffic
122 */
123 crypter_t *crypter_in;
124
125 /**
126 * crypter for outbound traffic
127 */
128 crypter_t *crypter_out;
129
130 /**
131 * Signer for inbound traffic
132 */
133 signer_t *signer_in;
134
135 /**
136 * Signer for outbound traffic
137 */
138 signer_t *signer_out;
139
140 /**
141 * Multi purpose prf, set key, use it, forget it
142 */
143 prf_t *prf;
144
145 /**
146 * Prf function for derivating keymat child SAs
147 */
148 prf_t *child_prf;
149
150 /**
151 * PRF to build outging authentication data
152 */
153 prf_t *auth_build;
154
155 /**
156 * PRF to verify incoming authentication data
157 */
158 prf_t *auth_verify;
159
160 /**
161 * NAT hasher.
162 */
163 hasher_t *nat_hasher;
164
165 /**
166 * NAT status of local host.
167 */
168 bool nat_here;
169
170 /**
171 * NAT status of remote host.
172 */
173 bool nat_there;
174
175 /**
176 * message ID for next outgoung request
177 */
178 u_int32_t message_id_out;
179
180 /**
181 * will the IKE_SA be fully reauthenticated or rekeyed only?
182 */
183 bool reauth;
184
185 /**
186 * Timestamps for this IKE_SA
187 */
188 struct {
189 /** last IKE message received */
190 u_int32_t inbound;
191 /** last IKE message sent */
192 u_int32_t outbound;
193 /** when IKE_SA became established */
194 u_int32_t established;
195 /** when IKE_SA gets rekeyed */
196 u_int32_t rekey;
197 /** when IKE_SA gets deleted */
198 u_int32_t delete;
199 } time;
200
201 /**
202 * interval to send DPD liveness check
203 */
204 time_t dpd_delay;
205
206 /**
207 * number of retransmit sequences to go through before giving up (keyingtries)
208 */
209 u_int32_t retrans_sequences;
210
211 /**
212 * List of queued transactions to process
213 */
214 linked_list_t *transaction_queue;
215
216 /**
217 * Transaction currently initiated
218 * (only one supported yet, window size = 1)
219 */
220 transaction_t *transaction_out;
221
222 /**
223 * last transaction initiated by peer processed.
224 * (only one supported yet, window size = 1)
225 * Stored for retransmission.
226 */
227 transaction_t *transaction_in;
228
229 /**
230 * Next incoming transaction expected. Used to
231 * do multi transaction operations.
232 */
233 transaction_t *transaction_in_next;
234
235 /**
236 * Transaction which rekeys this IKE_SA, used do detect simultaneus rekeying
237 */
238 transaction_t *rekeying_transaction;
239 };
240
241 /**
242 * get the time of the latest traffic processed by the kernel
243 */
244 static time_t get_kernel_time(private_ike_sa_t* this, bool inbound)
245 {
246 iterator_t *iterator;
247 child_sa_t *child_sa;
248 time_t latest = 0, use_time;
249
250 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
251 while (iterator->iterate(iterator, (void**)&child_sa))
252 {
253 if (child_sa->get_use_time(child_sa, inbound, &use_time) == SUCCESS)
254 {
255 latest = max(latest, use_time);
256 }
257 }
258 iterator->destroy(iterator);
259
260 return latest;
261 }
262
263 /**
264 * get the time of the latest received traffice
265 */
266 static time_t get_time_inbound(private_ike_sa_t *this)
267 {
268 return max(this->time.inbound, get_kernel_time(this, TRUE));
269 }
270
271 /**
272 * get the time of the latest sent traffic
273 */
274 static time_t get_time_outbound(private_ike_sa_t *this)
275 {
276 return max(this->time.outbound, get_kernel_time(this, FALSE));
277 }
278
279 /**
280 * Implementation of ike_sa_t.get_name.
281 */
282 static char *get_name(private_ike_sa_t *this)
283 {
284 return this->name;
285 }
286
287 /**
288 * Implementation of ike_sa_t.set_name.
289 */
290 static void set_name(private_ike_sa_t *this, char* name)
291 {
292 free(this->name);
293 this->name = strdup(name);
294 }
295
296 /**
297 * Implementation of ike_sa_t.apply_connection.
298 */
299 static void apply_connection(private_ike_sa_t *this, connection_t *connection)
300 {
301 this->dpd_delay = connection->get_dpd_delay(connection);
302 this->retrans_sequences = connection->get_retrans_seq(connection);
303 }
304
305 /**
306 * Implementation of ike_sa_t.get_my_host.
307 */
308 static host_t *get_my_host(private_ike_sa_t *this)
309 {
310 return this->my_host;
311 }
312
313 /**
314 * Implementation of ike_sa_t.set_my_host.
315 */
316 static void set_my_host(private_ike_sa_t *this, host_t *me)
317 {
318 DESTROY_IF(this->my_host);
319 this->my_host = me;
320 }
321
322 /**
323 * Implementation of ike_sa_t.get_other_host.
324 */
325 static host_t *get_other_host(private_ike_sa_t *this)
326 {
327 return this->other_host;
328 }
329
330 /**
331 * Implementation of ike_sa_t.set_other_host.
332 */
333 static void set_other_host(private_ike_sa_t *this, host_t *other)
334 {
335 DESTROY_IF(this->other_host);
336 this->other_host = other;
337 }
338
339 /**
340 * Update connection host, as addresses may change (NAT)
341 */
342 static void update_hosts(private_ike_sa_t *this, host_t *me, host_t *other)
343 {
344 /*
345 * Quoting RFC 4306:
346 *
347 * 2.11. Address and Port Agility
348 *
349 * IKE runs over UDP ports 500 and 4500, and implicitly sets up ESP and
350 * AH associations for the same IP addresses it runs over. The IP
351 * addresses and ports in the outer header are, however, not themselves
352 * cryptographically protected, and IKE is designed to work even through
353 * Network Address Translation (NAT) boxes. An implementation MUST
354 * accept incoming requests even if the source port is not 500 or 4500,
355 * and MUST respond to the address and port from which the request was
356 * received. It MUST specify the address and port at which the request
357 * was received as the source address and port in the response. IKE
358 * functions identically over IPv4 or IPv6.
359 *
360 * [...]
361 *
362 * There are cases where a NAT box decides to remove mappings that
363 * are still alive (for example, the keepalive interval is too long,
364 * or the NAT box is rebooted). To recover in these cases, hosts
365 * that are not behind a NAT SHOULD send all packets (including
366 * retransmission packets) to the IP address and port from the last
367 * valid authenticated packet from the other end (i.e., dynamically
368 * update the address). A host behind a NAT SHOULD NOT do this
369 * because it opens a DoS attack possibility. Any authenticated IKE
370 * packet or any authenticated UDP-encapsulated ESP packet can be
371 * used to detect that the IP address or the port has changed.
372 */
373 iterator_t *iterator = NULL;
374 child_sa_t *child_sa = NULL;
375 host_diff_t my_diff, other_diff;
376
377 if (this->my_host->is_anyaddr(this->my_host) ||
378 this->other_host->is_anyaddr(this->other_host))
379 {
380 /* on first received message */
381 this->my_host->destroy(this->my_host);
382 this->my_host = me->clone(me);
383 this->other_host->destroy(this->other_host);
384 this->other_host = other->clone(other);
385 return;
386 }
387
388 my_diff = me->get_differences(me, this->my_host);
389 other_diff = other->get_differences(other, this->other_host);
390
391 if (!my_diff && !other_diff)
392 {
393 return;
394 }
395
396 if (my_diff)
397 {
398 this->my_host->destroy(this->my_host);
399 this->my_host = me->clone(me);
400 }
401
402 if (!this->nat_here)
403 {
404 /* update without restrictions if we are not NATted */
405 if (other_diff)
406 {
407 this->other_host->destroy(this->other_host);
408 this->other_host = other->clone(other);
409 }
410 }
411 else
412 {
413 /* if we are natted, only port may change */
414 if (other_diff & HOST_DIFF_ADDR)
415 {
416 return;
417 }
418 else if (other_diff & HOST_DIFF_PORT)
419 {
420 this->other_host->set_port(this->other_host, other->get_port(other));
421 }
422 }
423 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
424 while (iterator->iterate(iterator, (void**)&child_sa))
425 {
426 child_sa->update_hosts(child_sa, this->my_host, this->other_host,
427 my_diff, other_diff);
428 /* TODO: what to do if update fails? Delete CHILD_SA? */
429 }
430 iterator->destroy(iterator);
431 }
432
433 /**
434 * called when the peer is not responding anymore
435 */
436 static void dpd_detected(private_ike_sa_t *this)
437 {
438 connection_t *connection = NULL;
439 policy_t *policy;
440 linked_list_t *my_ts, *other_ts;
441 child_sa_t* child_sa;
442 dpd_action_t action;
443 job_t *job;
444
445 DBG2(DBG_IKE, "dead peer detected, handling CHILD_SAs dpd action");
446
447 /* check for childrens with dpdaction = hold */
448 while(this->child_sas->remove_first(this->child_sas,
449 (void**)&child_sa) == SUCCESS)
450 {
451 /* get the policy which belongs to this CHILD */
452 my_ts = child_sa->get_my_traffic_selectors(child_sa);
453 other_ts = child_sa->get_other_traffic_selectors(child_sa);
454 policy = charon->policies->get_policy(charon->policies,
455 this->my_id, this->other_id,
456 my_ts, other_ts,
457 this->my_host, this->other_host,
458 NULL);
459 if (policy == NULL)
460 {
461 DBG1(DBG_IKE, "no policy for CHILD to handle DPD");
462 continue;
463 }
464
465 action = policy->get_dpd_action(policy);
466 /* get a connection for further actions */
467 if (connection == NULL &&
468 (action == DPD_ROUTE || action == DPD_RESTART))
469 {
470 connection = charon->connections->get_connection_by_hosts(
471 charon->connections,
472 this->my_host, this->other_host);
473 if (connection == NULL)
474 {
475 SIG(IKE_UP_FAILED, "no connection found to handle DPD");
476 break;
477 }
478 }
479
480 DBG1(DBG_IKE, "dpd action for %s is %N",
481 policy->get_name(policy), dpd_action_names, action);
482
483 switch (action)
484 {
485 case DPD_ROUTE:
486 connection->get_ref(connection);
487 job = (job_t*)route_job_create(connection, policy, TRUE);
488 charon->job_queue->add(charon->job_queue, job);
489 break;
490 case DPD_RESTART:
491 connection->get_ref(connection);
492 job = (job_t*)initiate_job_create(connection, NULL, policy);
493 charon->job_queue->add(charon->job_queue, job);
494 break;
495 default:
496 policy->destroy(policy);
497 break;
498 }
499 child_sa->destroy(child_sa);
500 }
501 DESTROY_IF(connection);
502 }
503
504 /**
505 * send a request and schedule retransmission
506 */
507 static status_t transmit_request(private_ike_sa_t *this)
508 {
509 message_t *request;
510 packet_t *packet;
511 status_t status;
512 retransmit_request_job_t *job;
513 u_int32_t transmitted;
514 u_int32_t timeout;
515 transaction_t *transaction = this->transaction_out;
516 u_int32_t message_id;
517
518 transmitted = transaction->requested(transaction);
519 timeout = charon->configuration->get_retransmit_timeout(charon->configuration,
520 transmitted,
521 this->retrans_sequences);
522 if (timeout == 0)
523 {
524 DBG1(DBG_IKE, "giving up after %d retransmits, deleting IKE_SA",
525 transmitted - 1);
526 dpd_detected(this);
527 return DESTROY_ME;
528 }
529
530 status = transaction->get_request(transaction, &request);
531 if (status != SUCCESS)
532 {
533 /* generating request failed */
534 return status;
535 }
536 message_id = transaction->get_message_id(transaction);
537 /* if we retransmit, the request is already generated */
538 if (transmitted == 0)
539 {
540 status = request->generate(request, this->crypter_out, this->signer_out, &packet);
541 if (status != SUCCESS)
542 {
543 DBG1(DBG_IKE, "request generation failed. transaction discarded");
544 return FAILED;
545 }
546 }
547 else
548 {
549 DBG1(DBG_IKE, "sending retransmit %d for %N request with messageID %d",
550 transmitted, exchange_type_names, request->get_exchange_type(request),
551 message_id);
552 packet = request->get_packet(request);
553 }
554 /* finally send */
555 charon->send_queue->add(charon->send_queue, packet);
556 this->time.outbound = time(NULL);
557
558 /* schedule retransmission job */
559 job = retransmit_request_job_create(message_id, this->ike_sa_id);
560 charon->event_queue->add_relative(charon->event_queue, (job_t*)job, timeout);
561 return SUCCESS;
562 }
563
564 /**
565 * Implementation of ike_sa.retransmit_request.
566 */
567 static status_t retransmit_request(private_ike_sa_t *this, u_int32_t message_id)
568 {
569 if (this->transaction_out == NULL ||
570 this->transaction_out->get_message_id(this->transaction_out) != message_id)
571 {
572 /* no retransmit necessary, transaction did already complete */
573 return SUCCESS;
574 }
575 return transmit_request(this);
576 }
577
578 /**
579 * Check for transactions in the queue and initiate the first transaction found.
580 */
581 static status_t process_transaction_queue(private_ike_sa_t *this)
582 {
583 if (this->transaction_out)
584 {
585 /* already a transaction in progress */
586 return SUCCESS;
587 }
588
589 while (TRUE)
590 {
591 if (this->transaction_queue->remove_first(this->transaction_queue,
592 (void**)&this->transaction_out) != SUCCESS)
593 {
594 /* transaction queue empty */
595 return SUCCESS;
596 }
597 switch (transmit_request(this))
598 {
599 case SUCCESS:
600 return SUCCESS;
601 case DESTROY_ME:
602 /* critical, IKE_SA unusable, destroy immediately */
603 return DESTROY_ME;
604 default:
605 /* discard transaction, process next one */
606 this->transaction_out->destroy(this->transaction_out);
607 this->transaction_out = NULL;
608 /* handle next transaction */
609 continue;
610 }
611 }
612 }
613
614 /**
615 * Queue a new transaction and execute the next outstanding transaction
616 */
617 static status_t queue_transaction(private_ike_sa_t *this, transaction_t *transaction, bool prefer)
618 {
619 /* inject next transaction */
620 if (transaction)
621 {
622 if (prefer)
623 {
624 this->transaction_queue->insert_first(this->transaction_queue, transaction);
625 }
626 else
627 {
628 this->transaction_queue->insert_last(this->transaction_queue, transaction);
629 }
630 }
631 /* process a transaction */
632 return process_transaction_queue(this);
633 }
634
635 /**
636 * process an incoming request.
637 */
638 static status_t process_request(private_ike_sa_t *this, message_t *request)
639 {
640 transaction_t *last, *current = NULL;
641 message_t *response;
642 packet_t *packet;
643 u_int32_t request_mid;
644 status_t status;
645
646 request_mid = request->get_message_id(request);
647 last = this->transaction_in;
648
649 /* check if message ID is correct */
650 if (last)
651 {
652 u_int32_t last_mid = last->get_message_id(last);
653
654 if (last_mid == request_mid)
655 {
656 /* retransmit detected */
657 DBG1(DBG_IKE, "received retransmitted request for message "
658 "ID %d, retransmitting response", request_mid);
659 last->get_response(last, request, &response, &this->transaction_in_next);
660 packet = response->get_packet(response);
661 charon->send_queue->add(charon->send_queue, packet);
662 this->time.outbound = time(NULL);
663 return SUCCESS;
664 }
665
666 if (last_mid > request_mid)
667 {
668 /* something seriously wrong here, message id may not decrease */
669 DBG1(DBG_IKE, "received request with message ID %d, "
670 "excepted %d, ingored", request_mid, last_mid + 1);
671 return FAILED;
672 }
673 /* we allow jumps in message IDs, as long as they are incremental */
674 if (last_mid + 1 < request_mid)
675 {
676 DBG1(DBG_IKE, "received request with message ID %d, excepted %d",
677 request_mid, last_mid + 1);
678 }
679 }
680 else
681 {
682 if (request_mid != 0)
683 {
684 /* warn, but allow it */
685 DBG1(DBG_IKE, "first received request has message ID %d, "
686 "excepted 0", request_mid);
687 }
688 }
689
690 /* check if we already have a pre-created transaction for this request */
691 if (this->transaction_in_next)
692 {
693 current = this->transaction_in_next;
694 this->transaction_in_next = NULL;
695 }
696 else
697 {
698 current = transaction_create(&this->public, request);
699 if (current == NULL)
700 {
701 DBG1(DBG_IKE, "no idea how to handle received message (exchange"
702 " type %d), ignored", request->get_exchange_type(request));
703 return FAILED;
704 }
705 }
706
707 /* send message. get_request() always gives a valid response */
708 status = current->get_response(current, request, &response, &this->transaction_in_next);
709 if (response->generate(response, this->crypter_out, this->signer_out, &packet) != SUCCESS)
710 {
711 DBG1(DBG_IKE, "response generation failed, discarding transaction");
712 current->destroy(current);
713 return FAILED;
714 }
715
716 charon->send_queue->add(charon->send_queue, packet);
717 this->time.outbound = time(NULL);
718 /* act depending on transaction result */
719 switch (status)
720 {
721 case DESTROY_ME:
722 /* transactions says we should destroy the IKE_SA, so do it */
723 current->destroy(current);
724 return DESTROY_ME;
725 default:
726 /* store for retransmission, destroy old transaction */
727 this->transaction_in = current;
728 if (last)
729 {
730 last->destroy(last);
731 }
732 return SUCCESS;
733 }
734 }
735
736 /**
737 * process an incoming response
738 */
739 static status_t process_response(private_ike_sa_t *this, message_t *response)
740 {
741 transaction_t *current, *new = NULL;
742
743 current = this->transaction_out;
744 /* check if message ID is that of our currently active transaction */
745 if (current == NULL ||
746 current->get_message_id(current) != response->get_message_id(response))
747 {
748 DBG1(DBG_IKE, "received response with message ID %d "
749 "not requested, ignored", response->get_message_id(response));
750 return FAILED;
751 }
752
753 switch (current->conclude(current, response, &new))
754 {
755 case DESTROY_ME:
756 /* state requested to destroy IKE_SA */
757 return DESTROY_ME;
758 default:
759 /* discard transaction, process next one */
760 break;
761 }
762 /* transaction comleted, remove */
763 current->destroy(current);
764 this->transaction_out = NULL;
765
766 /* queue new transaction */
767 return queue_transaction(this, new, TRUE);
768 }
769
770 /**
771 * send a notify back to the sender
772 */
773 static void send_notify_response(private_ike_sa_t *this,
774 message_t *request,
775 notify_type_t type)
776 {
777 notify_payload_t *notify;
778 message_t *response;
779 host_t *src, *dst;
780 packet_t *packet;
781
782 response = message_create();
783 dst = request->get_source(request);
784 src = request->get_destination(request);
785 response->set_source(response, src->clone(src));
786 response->set_destination(response, dst->clone(dst));
787 response->set_exchange_type(response, request->get_exchange_type(request));
788 response->set_request(response, FALSE);
789 response->set_message_id(response, request->get_message_id(request));
790 response->set_ike_sa_id(response, this->ike_sa_id);
791 notify = notify_payload_create_from_protocol_and_type(PROTO_NONE, type);
792 response->add_payload(response, (payload_t *)notify);
793 if (response->generate(response, this->crypter_out, this->signer_out, &packet) != SUCCESS)
794 {
795 response->destroy(response);
796 return;
797 }
798 charon->send_queue->add(charon->send_queue, packet);
799 this->time.outbound = time(NULL);
800 response->destroy(response);
801 return;
802 }
803
804
805 /**
806 * Implementation of ike_sa_t.process_message.
807 */
808 static status_t process_message(private_ike_sa_t *this, message_t *message)
809 {
810 status_t status;
811 bool is_request;
812
813 is_request = message->get_request(message);
814
815 status = message->parse_body(message, this->crypter_in, this->signer_in);
816 if (status != SUCCESS)
817 {
818
819 if (is_request)
820 {
821 switch (status)
822 {
823 case NOT_SUPPORTED:
824 DBG1(DBG_IKE, "ciritcal unknown payloads found");
825 if (is_request)
826 {
827 send_notify_response(this, message, UNSUPPORTED_CRITICAL_PAYLOAD);
828 }
829 break;
830 case PARSE_ERROR:
831 DBG1(DBG_IKE, "message parsing failed");
832 if (is_request)
833 {
834 send_notify_response(this, message, INVALID_SYNTAX);
835 }
836 break;
837 case VERIFY_ERROR:
838 DBG1(DBG_IKE, "message verification failed");
839 if (is_request)
840 {
841 send_notify_response(this, message, INVALID_SYNTAX);
842 }
843 break;
844 case FAILED:
845 DBG1(DBG_IKE, "integrity check failed");
846 /* ignored */
847 break;
848 case INVALID_STATE:
849 DBG1(DBG_IKE, "found encrypted message, but no keys available");
850 if (is_request)
851 {
852 send_notify_response(this, message, INVALID_SYNTAX);
853 }
854 default:
855 break;
856 }
857 }
858 DBG1(DBG_IKE, "%N %s with message ID %d processing failed",
859 exchange_type_names, message->get_exchange_type(message),
860 message->get_request(message) ? "request" : "response",
861 message->get_message_id(message));
862 }
863 else
864 {
865 /* check if message is trustworthy, and update connection information */
866 if (this->state == IKE_CREATED ||
867 message->get_exchange_type(message) != IKE_SA_INIT)
868 {
869 update_hosts(this, message->get_destination(message),
870 message->get_source(message));
871 this->time.inbound = time(NULL);
872 }
873 if (is_request)
874 {
875 status = process_request(this, message);
876 }
877 else
878 {
879 status = process_response(this, message);
880 }
881 }
882 return status;
883 }
884
885 /**
886 * Implementation of ike_sa_t.initiate.
887 */
888 static status_t initiate(private_ike_sa_t *this,
889 connection_t *connection, policy_t *policy)
890 {
891 switch (this->state)
892 {
893 case IKE_CREATED:
894 {
895 /* in state CREATED, we must do the ike_sa_init
896 * and ike_auth transactions. Along with these,
897 * a CHILD_SA with the supplied policy is set up.
898 */
899 ike_sa_init_t *ike_sa_init;
900
901 DBG2(DBG_IKE, "initiating new IKE_SA for CHILD_SA");
902 if (this->my_host->is_anyaddr(this->my_host))
903 {
904 this->my_host->destroy(this->my_host);
905 this->my_host = connection->get_my_host(connection);
906 this->my_host = this->my_host->clone(this->my_host);
907 }
908 if (this->other_host->is_anyaddr(this->other_host))
909 {
910 this->other_host->destroy(this->other_host);
911 this->other_host = connection->get_other_host(connection);
912 this->other_host = this->other_host->clone(this->other_host);
913 }
914 if (this->other_host->is_anyaddr(this->other_host))
915 {
916 SIG(IKE_UP_START, "establishing new IKE_SA for CHILD_SA");
917 SIG(IKE_UP_FAILED, "can not initiate a connection to %%any, aborting");
918 policy->destroy(policy);
919 connection->destroy(connection);
920 return DESTROY_ME;
921 }
922
923 this->retrans_sequences = connection->get_retrans_seq(connection);
924 this->dpd_delay = connection->get_dpd_delay(connection);
925
926 this->message_id_out = 1;
927 ike_sa_init = ike_sa_init_create(&this->public);
928 ike_sa_init->set_config(ike_sa_init, connection, policy);
929 return queue_transaction(this, (transaction_t*)ike_sa_init, TRUE);
930 }
931 case IKE_DELETING:
932 case IKE_REKEYING:
933 {
934 /* if we are in DELETING/REKEYING, we deny set up of a policy.
935 * TODO: would it make sense to queue the transaction and adopt
936 * all transactions to the new IKE_SA? */
937 SIG(IKE_UP_START, "creating CHILD_SA in existing IKE_SA");
938 SIG(IKE_UP_FAILED, "creating CHILD_SA discarded, as IKE_SA is in state %N",
939 ike_sa_state_names, this->state);
940 policy->destroy(policy);
941 connection->destroy(connection);
942 return FAILED;
943 }
944 case IKE_CONNECTING:
945 case IKE_ESTABLISHED:
946 {
947 /* if we are ESTABLISHED or CONNECTING, we queue the
948 * transaction to create the CHILD_SA. It gets processed
949 * when the IKE_SA is ready to do so. We don't need the
950 * connection, as the IKE_SA is already established/establishing.
951 */
952 create_child_sa_t *create_child;
953
954 DBG1(DBG_IKE, "creating CHILD_SA in existing IKE_SA");
955 connection->destroy(connection);
956 create_child = create_child_sa_create(&this->public);
957 create_child->set_policy(create_child, policy);
958 return queue_transaction(this, (transaction_t*)create_child, FALSE);
959 }
960 }
961 return FAILED;
962 }
963
964 /**
965 * Implementation of ike_sa_t.acquire.
966 */
967 static status_t acquire(private_ike_sa_t *this, u_int32_t reqid)
968 {
969 connection_t *connection;
970 policy_t *policy;
971 iterator_t *iterator;
972 child_sa_t *current, *child_sa = NULL;
973 linked_list_t *my_ts, *other_ts;
974
975 if (this->state == IKE_DELETING)
976 {
977 SIG(CHILD_UP_START, "acquiring CHILD_SA on kernel request");
978 SIG(CHILD_UP_FAILED, "acquiring CHILD_SA (reqid %d) failed: "
979 "IKE_SA is deleting", reqid);
980 return FAILED;
981 }
982
983 /* find CHILD_SA */
984 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
985 while (iterator->iterate(iterator, (void**)&current))
986 {
987 if (current->get_reqid(current) == reqid)
988 {
989 child_sa = current;
990 break;
991 }
992 }
993 iterator->destroy(iterator);
994 if (!child_sa)
995 {
996 SIG(CHILD_UP_START, "acquiring CHILD_SA on kernel request");
997 SIG(CHILD_UP_FAILED, "acquiring CHILD_SA (reqid %d) failed: "
998 "CHILD_SA not found", reqid);
999 return FAILED;
1000 }
1001 my_ts = child_sa->get_my_traffic_selectors(child_sa);
1002 other_ts = child_sa->get_other_traffic_selectors(child_sa);
1003
1004 policy = charon->policies->get_policy(charon->policies,
1005 this->my_id, this->other_id,
1006 my_ts, other_ts,
1007 this->my_host, this->other_host,
1008 NULL);
1009 if (policy == NULL)
1010 {
1011 SIG(CHILD_UP_START, "acquiring CHILD_SA with reqid %d", reqid);
1012 SIG(CHILD_UP_FAILED, "acquiring CHILD_SA (reqid %d) failed: "
1013 "no policy found", reqid);
1014 return FAILED;
1015 }
1016
1017 switch (this->state)
1018 {
1019 case IKE_CREATED:
1020 {
1021 ike_sa_init_t *ike_sa_init;
1022
1023 connection = charon->connections->get_connection_by_hosts(
1024 charon->connections, this->my_host, this->other_host);
1025
1026 if (connection == NULL)
1027 {
1028 SIG(CHILD_UP_START, "acquiring CHILD_SA with reqid %d", reqid);
1029 SIG(CHILD_UP_FAILED, "acquiring CHILD_SA (reqid %d) failed: "
1030 "no connection found to establsih IKE_SA", reqid);
1031 policy->destroy(policy);
1032 return FAILED;
1033 }
1034
1035 DBG1(DBG_IKE, "establishing IKE_SA to acquire CHILD_SA "
1036 "with reqid %d", reqid);
1037
1038 this->message_id_out = 1;
1039 ike_sa_init = ike_sa_init_create(&this->public);
1040 ike_sa_init->set_config(ike_sa_init, connection, policy);
1041 /* reuse existing reqid */
1042 ike_sa_init->set_reqid(ike_sa_init, reqid);
1043 return queue_transaction(this, (transaction_t*)ike_sa_init, TRUE);
1044 }
1045 case IKE_CONNECTING:
1046 case IKE_ESTABLISHED:
1047 {
1048 create_child_sa_t *create_child;
1049
1050 DBG1(DBG_CHD, "acquiring CHILD_SA with reqid %d", reqid);
1051
1052 create_child = create_child_sa_create(&this->public);
1053 create_child->set_policy(create_child, policy);
1054 /* reuse existing reqid */
1055 create_child->set_reqid(create_child, reqid);
1056 return queue_transaction(this, (transaction_t*)create_child, FALSE);
1057 }
1058 default:
1059 break;
1060 }
1061 return FAILED;
1062 }
1063
1064 /**
1065 * compare two lists of traffic selectors for equality
1066 */
1067 static bool ts_list_equals(linked_list_t *l1, linked_list_t *l2)
1068 {
1069 bool equals = TRUE;
1070 iterator_t *i1, *i2;
1071 traffic_selector_t *t1, *t2;
1072
1073 if (l1->get_count(l1) != l2->get_count(l2))
1074 {
1075 return FALSE;
1076 }
1077
1078 i1 = l1->create_iterator(l1, TRUE);
1079 i2 = l2->create_iterator(l2, TRUE);
1080 while (i1->iterate(i1, (void**)&t1) && i2->iterate(i2, (void**)&t2))
1081 {
1082 if (!t1->equals(t1, t2))
1083 {
1084 equals = FALSE;
1085 break;
1086 }
1087 }
1088 i1->destroy(i1);
1089 i2->destroy(i2);
1090 return equals;
1091 }
1092
1093 /**
1094 * Implementation of ike_sa_t.route.
1095 */
1096 static status_t route(private_ike_sa_t *this, connection_t *connection, policy_t *policy)
1097 {
1098 child_sa_t *child_sa = NULL;
1099 iterator_t *iterator;
1100 linked_list_t *my_ts, *other_ts;
1101 status_t status;
1102
1103 SIG(CHILD_ROUTE_START, "routing CHILD_SA");
1104
1105 /* check if not already routed*/
1106 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1107 while (iterator->iterate(iterator, (void**)&child_sa))
1108 {
1109 if (child_sa->get_state(child_sa) == CHILD_ROUTED)
1110 {
1111 linked_list_t *my_ts_conf, *other_ts_conf;
1112
1113 my_ts = child_sa->get_my_traffic_selectors(child_sa);
1114 other_ts = child_sa->get_other_traffic_selectors(child_sa);
1115
1116 my_ts_conf = policy->get_my_traffic_selectors(policy, this->my_host);
1117 other_ts_conf = policy->get_other_traffic_selectors(policy, this->other_host);
1118
1119 if (ts_list_equals(my_ts, my_ts_conf) &&
1120 ts_list_equals(other_ts, other_ts_conf))
1121 {
1122 iterator->destroy(iterator);
1123 my_ts_conf->destroy_offset(my_ts_conf, offsetof(traffic_selector_t, destroy));
1124 other_ts_conf->destroy_offset(other_ts_conf, offsetof(traffic_selector_t, destroy));
1125 SIG(CHILD_ROUTE_FAILED, "CHILD_SA with such a policy already routed");
1126 return FAILED;
1127 }
1128 my_ts_conf->destroy_offset(my_ts_conf, offsetof(traffic_selector_t, destroy));
1129 other_ts_conf->destroy_offset(other_ts_conf, offsetof(traffic_selector_t, destroy));
1130 }
1131 }
1132 iterator->destroy(iterator);
1133
1134 switch (this->state)
1135 {
1136 case IKE_CREATED:
1137 case IKE_CONNECTING:
1138 /* we update IKE_SA information as good as possible,
1139 * this allows us to set up the SA later when an acquire comes in. */
1140 if (this->my_id->get_type(this->my_id) == ID_ANY)
1141 {
1142 this->my_id->destroy(this->my_id);
1143 this->my_id = policy->get_my_id(policy);
1144 this->my_id = this->my_id->clone(this->my_id);
1145 }
1146 if (this->other_id->get_type(this->other_id) == ID_ANY)
1147 {
1148 this->other_id->destroy(this->other_id);
1149 this->other_id = policy->get_other_id(policy);
1150 this->other_id = this->other_id->clone(this->other_id);
1151 }
1152 if (this->my_host->is_anyaddr(this->my_host))
1153 {
1154 this->my_host->destroy(this->my_host);
1155 this->my_host = connection->get_my_host(connection);
1156 this->my_host = this->my_host->clone(this->my_host);
1157 }
1158 if (this->other_host->is_anyaddr(this->other_host))
1159 {
1160 this->other_host->destroy(this->other_host);
1161 this->other_host = connection->get_other_host(connection);
1162 this->other_host = this->other_host->clone(this->other_host);
1163 }
1164 set_name(this, connection->get_name(connection));
1165 this->retrans_sequences = connection->get_retrans_seq(connection);
1166 this->dpd_delay = connection->get_dpd_delay(connection);
1167 break;
1168 case IKE_ESTABLISHED:
1169 case IKE_REKEYING:
1170 /* nothing to do. We allow it for rekeying, as it will be
1171 * adopted by the new IKE_SA */
1172 break;
1173 case IKE_DELETING:
1174 /* TODO: hanlde this case, create a new IKE_SA and route CHILD_SA */
1175 SIG(CHILD_ROUTE_FAILED, "unable to route CHILD_SA, as its IKE_SA gets deleted");
1176 return FAILED;
1177 }
1178
1179 child_sa = child_sa_create(0, this->my_host, this->other_host,
1180 this->my_id, this->other_id,
1181 0, 0,
1182 NULL, policy->get_hostaccess(policy),
1183 FALSE);
1184 child_sa->set_name(child_sa, policy->get_name(policy));
1185 my_ts = policy->get_my_traffic_selectors(policy, this->my_host);
1186 other_ts = policy->get_other_traffic_selectors(policy, this->other_host);
1187 status = child_sa->add_policies(child_sa, my_ts, other_ts,
1188 policy->get_mode(policy));
1189 my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy));
1190 other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy));
1191 this->child_sas->insert_last(this->child_sas, child_sa);
1192 SIG(CHILD_ROUTE_SUCCESS, "CHILD_SA routed");
1193 return status;
1194 }
1195
1196 /**
1197 * Implementation of ike_sa_t.unroute.
1198 */
1199 static status_t unroute(private_ike_sa_t *this, policy_t *policy)
1200 {
1201 iterator_t *iterator;
1202 child_sa_t *child_sa = NULL;
1203 bool found = FALSE;
1204 linked_list_t *my_ts, *other_ts, *my_ts_conf, *other_ts_conf;
1205
1206 SIG(CHILD_UNROUTE_START, "unrouting CHILD_SA");
1207
1208 /* find CHILD_SA in ROUTED state */
1209 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1210 while (iterator->iterate(iterator, (void**)&child_sa))
1211 {
1212 if (child_sa->get_state(child_sa) == CHILD_ROUTED)
1213 {
1214 my_ts = child_sa->get_my_traffic_selectors(child_sa);
1215 other_ts = child_sa->get_other_traffic_selectors(child_sa);
1216
1217 my_ts_conf = policy->get_my_traffic_selectors(policy, this->my_host);
1218 other_ts_conf = policy->get_other_traffic_selectors(policy, this->other_host);
1219
1220 if (ts_list_equals(my_ts, my_ts_conf) &&
1221 ts_list_equals(other_ts, other_ts_conf))
1222 {
1223 iterator->remove(iterator);
1224 SIG(CHILD_UNROUTE_SUCCESS, "CHILD_SA unrouted");
1225 child_sa->destroy(child_sa);
1226 my_ts_conf->destroy_offset(my_ts_conf, offsetof(traffic_selector_t, destroy));
1227 other_ts_conf->destroy_offset(other_ts_conf, offsetof(traffic_selector_t, destroy));
1228 found = TRUE;
1229 break;
1230 }
1231 my_ts_conf->destroy_offset(my_ts_conf, offsetof(traffic_selector_t, destroy));
1232 other_ts_conf->destroy_offset(other_ts_conf, offsetof(traffic_selector_t, destroy));
1233 }
1234 }
1235 iterator->destroy(iterator);
1236
1237 if (!found)
1238 {
1239 SIG(CHILD_UNROUTE_FAILED, "CHILD_SA to unroute not found");
1240 return FAILED;
1241 }
1242 /* if we are not established, and we have no more routed childs, remove whole SA */
1243 if (this->state == IKE_CREATED &&
1244 this->child_sas->get_count(this->child_sas) == 0)
1245 {
1246 return DESTROY_ME;
1247 }
1248 return SUCCESS;
1249 }
1250
1251 /**
1252 * Implementation of ike_sa_t.send_dpd
1253 */
1254 static status_t send_dpd(private_ike_sa_t *this)
1255 {
1256 send_dpd_job_t *job;
1257 time_t diff;
1258
1259 if (this->dpd_delay == 0)
1260 {
1261 /* DPD disabled */
1262 return SUCCESS;
1263 }
1264
1265 if (this->transaction_out)
1266 {
1267 /* there is a transaction in progress. Come back later */
1268 diff = 0;
1269 }
1270 else
1271 {
1272 /* check if there was any inbound traffic */
1273 time_t last_in, now;
1274 last_in = get_time_inbound(this);
1275 now = time(NULL);
1276 diff = now - last_in;
1277 if (diff >= this->dpd_delay)
1278 {
1279 /* to long ago, initiate dead peer detection */
1280 dead_peer_detection_t *dpd;
1281 DBG1(DBG_IKE, "sending DPD request");
1282 dpd = dead_peer_detection_create(&this->public);
1283 queue_transaction(this, (transaction_t*)dpd, FALSE);
1284 diff = 0;
1285 }
1286 }
1287 /* recheck in "interval" seconds */
1288 job = send_dpd_job_create(this->ike_sa_id);
1289 charon->event_queue->add_relative(charon->event_queue, (job_t*)job,
1290 (this->dpd_delay - diff) * 1000);
1291 return SUCCESS;
1292 }
1293
1294 /**
1295 * Implementation of ike_sa_t.send_keepalive
1296 */
1297 static void send_keepalive(private_ike_sa_t *this)
1298 {
1299 send_keepalive_job_t *job;
1300 time_t last_out, now, diff, interval;
1301
1302 last_out = get_time_outbound(this);
1303 now = time(NULL);
1304
1305 diff = now - last_out;
1306 interval = charon->configuration->get_keepalive_interval(charon->configuration);
1307
1308 if (diff >= interval)
1309 {
1310 packet_t *packet;
1311 chunk_t data;
1312
1313 packet = packet_create();
1314 packet->set_source(packet, this->my_host->clone(this->my_host));
1315 packet->set_destination(packet, this->other_host->clone(this->other_host));
1316 data.ptr = malloc(1);
1317 data.ptr[0] = 0xFF;
1318 data.len = 1;
1319 packet->set_data(packet, data);
1320 charon->send_queue->add(charon->send_queue, packet);
1321 DBG1(DBG_IKE, "sending keep alive");
1322 diff = 0;
1323 }
1324 job = send_keepalive_job_create(this->ike_sa_id);
1325 charon->event_queue->add_relative(charon->event_queue, (job_t*)job,
1326 (interval - diff) * 1000);
1327 }
1328
1329 /**
1330 * Implementation of ike_sa_t.get_state.
1331 */
1332 static ike_sa_state_t get_state(private_ike_sa_t *this)
1333 {
1334 return this->state;
1335 }
1336
1337 /**
1338 * Implementation of ike_sa_t.set_state.
1339 */
1340 static void set_state(private_ike_sa_t *this, ike_sa_state_t state)
1341 {
1342 DBG1(DBG_IKE, "IKE_SA state change: %N => %N",
1343 ike_sa_state_names, this->state,
1344 ike_sa_state_names, state);
1345
1346 if (state == IKE_ESTABLISHED)
1347 {
1348 this->time.established = time(NULL);
1349 /* start DPD checks */
1350 send_dpd(this);
1351 }
1352
1353 this->state = state;
1354 }
1355
1356 /**
1357 * Implementation of ike_sa_t.get_prf.
1358 */
1359 static prf_t *get_prf(private_ike_sa_t *this)
1360 {
1361 return this->prf;
1362 }
1363
1364 /**
1365 * Implementation of ike_sa_t.get_prf.
1366 */
1367 static prf_t *get_child_prf(private_ike_sa_t *this)
1368 {
1369 return this->child_prf;
1370 }
1371
1372 /**
1373 * Implementation of ike_sa_t.get_auth_bild
1374 */
1375 static prf_t *get_auth_build(private_ike_sa_t *this)
1376 {
1377 return this->auth_build;
1378 }
1379
1380 /**
1381 * Implementation of ike_sa_t.get_auth_verify
1382 */
1383 static prf_t *get_auth_verify(private_ike_sa_t *this)
1384 {
1385 return this->auth_verify;
1386 }
1387
1388 /**
1389 * Implementation of ike_sa_t.get_id.
1390 */
1391 static ike_sa_id_t* get_id(private_ike_sa_t *this)
1392 {
1393 return this->ike_sa_id;
1394 }
1395
1396 /**
1397 * Implementation of ike_sa_t.get_my_id.
1398 */
1399 static identification_t* get_my_id(private_ike_sa_t *this)
1400 {
1401 return this->my_id;
1402 }
1403
1404 /**
1405 * Implementation of ike_sa_t.set_my_id.
1406 */
1407 static void set_my_id(private_ike_sa_t *this, identification_t *me)
1408 {
1409 DESTROY_IF(this->my_id);
1410 this->my_id = me;
1411 }
1412
1413 /**
1414 * Implementation of ike_sa_t.get_other_id.
1415 */
1416 static identification_t* get_other_id(private_ike_sa_t *this)
1417 {
1418 return this->other_id;
1419 }
1420
1421 /**
1422 * Implementation of ike_sa_t.set_other_id.
1423 */
1424 static void set_other_id(private_ike_sa_t *this, identification_t *other)
1425 {
1426 DESTROY_IF(this->other_id);
1427 this->other_id = other;
1428 }
1429
1430 /**
1431 * Implementation of ike_sa_t.derive_keys.
1432 */
1433 static status_t derive_keys(private_ike_sa_t *this,
1434 proposal_t *proposal, diffie_hellman_t *dh,
1435 chunk_t nonce_i, chunk_t nonce_r,
1436 bool initiator, prf_t *child_prf, prf_t *old_prf)
1437 {
1438 prf_plus_t *prf_plus;
1439 chunk_t skeyseed, secret, key, nonces, prf_plus_seed;
1440 algorithm_t *algo;
1441 size_t key_size;
1442 crypter_t *crypter_i, *crypter_r;
1443 signer_t *signer_i, *signer_r;
1444 prf_t *prf_i, *prf_r;
1445 u_int8_t spi_i_buf[sizeof(u_int64_t)], spi_r_buf[sizeof(u_int64_t)];
1446 chunk_t spi_i = chunk_from_buf(spi_i_buf);
1447 chunk_t spi_r = chunk_from_buf(spi_r_buf);
1448
1449 /* Create SAs general purpose PRF first, we may use it here */
1450 if (!proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo))
1451 {
1452 DBG1(DBG_IKE, "key derivation failed: no PSEUDO_RANDOM_FUNCTION");;
1453 return FAILED;
1454 }
1455 this->prf = prf_create(algo->algorithm);
1456 if (this->prf == NULL)
1457 {
1458 DBG1(DBG_IKE, "key derivation failed: PSEUDO_RANDOM_FUNCTION "
1459 "%N not supported!", pseudo_random_function_names, algo->algorithm);
1460 return FAILED;
1461 }
1462
1463 dh->get_shared_secret(dh, &secret);
1464 DBG4(DBG_IKE, "shared Diffie Hellman secret %B", &secret);
1465 nonces = chunk_cat("cc", nonce_i, nonce_r);
1466 *((u_int64_t*)spi_i.ptr) = this->ike_sa_id->get_initiator_spi(this->ike_sa_id);
1467 *((u_int64_t*)spi_r.ptr) = this->ike_sa_id->get_responder_spi(this->ike_sa_id);
1468 prf_plus_seed = chunk_cat("ccc", nonces, spi_i, spi_r);
1469
1470 /* KEYMAT = prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr)
1471 *
1472 * if we are rekeying, SKEYSEED is built on another way
1473 */
1474 if (child_prf == NULL) /* not rekeying */
1475 {
1476 /* SKEYSEED = prf(Ni | Nr, g^ir) */
1477 this->prf->set_key(this->prf, nonces);
1478 this->prf->allocate_bytes(this->prf, secret, &skeyseed);
1479 DBG4(DBG_IKE, "SKEYSEED %B", &skeyseed);
1480 this->prf->set_key(this->prf, skeyseed);
1481 chunk_free(&skeyseed);
1482 chunk_free(&secret);
1483 prf_plus = prf_plus_create(this->prf, prf_plus_seed);
1484 }
1485 else
1486 {
1487 /* SKEYSEED = prf(SK_d (old), [g^ir (new)] | Ni | Nr)
1488 * use OLD SAs PRF functions for both prf_plus and prf */
1489 secret = chunk_cat("mc", secret, nonces);
1490 child_prf->allocate_bytes(child_prf, secret, &skeyseed);
1491 DBG4(DBG_IKE, "SKEYSEED %B", &skeyseed);
1492 old_prf->set_key(old_prf, skeyseed);
1493 chunk_free(&skeyseed);
1494 chunk_free(&secret);
1495 prf_plus = prf_plus_create(old_prf, prf_plus_seed);
1496 }
1497 chunk_free(&nonces);
1498 chunk_free(&prf_plus_seed);
1499
1500 /* KEYMAT = SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr */
1501
1502 /* SK_d is used for generating CHILD_SA key mat => child_prf */
1503 proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo);
1504 this->child_prf = prf_create(algo->algorithm);
1505 key_size = this->child_prf->get_key_size(this->child_prf);
1506 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1507 DBG4(DBG_IKE, "Sk_d secret %B", &key);
1508 this->child_prf->set_key(this->child_prf, key);
1509 chunk_free(&key);
1510
1511 /* SK_ai/SK_ar used for integrity protection => signer_in/signer_out */
1512 if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &algo))
1513 {
1514 DBG1(DBG_IKE, "key derivation failed: no INTEGRITY_ALGORITHM");
1515 return FAILED;
1516 }
1517 signer_i = signer_create(algo->algorithm);
1518 signer_r = signer_create(algo->algorithm);
1519 if (signer_i == NULL || signer_r == NULL)
1520 {
1521 DBG1(DBG_IKE, "key derivation failed: INTEGRITY_ALGORITHM "
1522 "%N not supported!", integrity_algorithm_names ,algo->algorithm);
1523 return FAILED;
1524 }
1525 key_size = signer_i->get_key_size(signer_i);
1526
1527 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1528 DBG4(DBG_IKE, "Sk_ai secret %B", &key);
1529 signer_i->set_key(signer_i, key);
1530 chunk_free(&key);
1531
1532 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1533 DBG4(DBG_IKE, "Sk_ar secret %B", &key);
1534 signer_r->set_key(signer_r, key);
1535 chunk_free(&key);
1536
1537 if (initiator)
1538 {
1539 this->signer_in = signer_r;
1540 this->signer_out = signer_i;
1541 }
1542 else
1543 {
1544 this->signer_in = signer_i;
1545 this->signer_out = signer_r;
1546 }
1547
1548 /* SK_ei/SK_er used for encryption => crypter_in/crypter_out */
1549 if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &algo))
1550 {
1551 DBG1(DBG_IKE, "key derivation failed: no ENCRYPTION_ALGORITHM");
1552 return FAILED;
1553 }
1554 crypter_i = crypter_create(algo->algorithm, algo->key_size / 8);
1555 crypter_r = crypter_create(algo->algorithm, algo->key_size / 8);
1556 if (crypter_i == NULL || crypter_r == NULL)
1557 {
1558 DBG1(DBG_IKE, "key derivation failed: ENCRYPTION_ALGORITHM "
1559 "%N (key size %d) not supported!",
1560 encryption_algorithm_names, algo->algorithm, algo->key_size);
1561 return FAILED;
1562 }
1563 key_size = crypter_i->get_key_size(crypter_i);
1564
1565 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1566 DBG4(DBG_IKE, "Sk_ei secret %B", &key);
1567 crypter_i->set_key(crypter_i, key);
1568 chunk_free(&key);
1569
1570 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1571 DBG4(DBG_IKE, "Sk_er secret %B", &key);
1572 crypter_r->set_key(crypter_r, key);
1573 chunk_free(&key);
1574
1575 if (initiator)
1576 {
1577 this->crypter_in = crypter_r;
1578 this->crypter_out = crypter_i;
1579 }
1580 else
1581 {
1582 this->crypter_in = crypter_i;
1583 this->crypter_out = crypter_r;
1584 }
1585
1586 /* SK_pi/SK_pr used for authentication => prf_auth_i, prf_auth_r */
1587 proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo);
1588 prf_i = prf_create(algo->algorithm);
1589 prf_r = prf_create(algo->algorithm);
1590
1591 key_size = prf_i->get_key_size(prf_i);
1592 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1593 DBG4(DBG_IKE, "Sk_pi secret %B", &key);
1594 prf_i->set_key(prf_i, key);
1595 chunk_free(&key);
1596
1597 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1598 DBG4(DBG_IKE, "Sk_pr secret %B", &key);
1599 prf_r->set_key(prf_r, key);
1600 chunk_free(&key);
1601
1602 if (initiator)
1603 {
1604 this->auth_verify = prf_r;
1605 this->auth_build = prf_i;
1606 }
1607 else
1608 {
1609 this->auth_verify = prf_i;
1610 this->auth_build = prf_r;
1611 }
1612
1613 /* all done, prf_plus not needed anymore */
1614 prf_plus->destroy(prf_plus);
1615
1616 return SUCCESS;
1617 }
1618
1619 /**
1620 * Implementation of ike_sa_t.add_child_sa.
1621 */
1622 static void add_child_sa(private_ike_sa_t *this, child_sa_t *child_sa)
1623 {
1624 this->child_sas->insert_last(this->child_sas, child_sa);
1625 }
1626
1627 /**
1628 * Implementation of ike_sa_t.has_child_sa.
1629 */
1630 static bool has_child_sa(private_ike_sa_t *this, u_int32_t reqid)
1631 {
1632 iterator_t *iterator;
1633 child_sa_t *current;
1634 bool found = FALSE;
1635
1636 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1637 while (iterator->iterate(iterator, (void**)&current))
1638 {
1639 if (current->get_reqid(current) == reqid)
1640 {
1641 found = TRUE;
1642 break;
1643 }
1644 }
1645 iterator->destroy(iterator);
1646 return found;
1647 }
1648
1649 /**
1650 * Implementation of ike_sa_t.get_child_sa.
1651 */
1652 static child_sa_t* get_child_sa(private_ike_sa_t *this, protocol_id_t protocol,
1653 u_int32_t spi, bool inbound)
1654 {
1655 iterator_t *iterator;
1656 child_sa_t *current, *found = NULL;
1657
1658 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1659 while (iterator->iterate(iterator, (void**)&current))
1660 {;
1661 if (current->get_spi(current, inbound) == spi &&
1662 current->get_protocol(current) == protocol)
1663 {
1664 found = current;
1665 }
1666 }
1667 iterator->destroy(iterator);
1668 return found;
1669 }
1670
1671 /**
1672 * Implementation of ike_sa_t.create_child_sa_iterator.
1673 */
1674 static iterator_t* create_child_sa_iterator(private_ike_sa_t *this)
1675 {
1676 return this->child_sas->create_iterator(this->child_sas, TRUE);
1677 }
1678
1679 /**
1680 * Implementation of ike_sa_t.rekey_child_sa.
1681 */
1682 static status_t rekey_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
1683 {
1684 create_child_sa_t *rekey;
1685 child_sa_t *child_sa;
1686
1687 child_sa = get_child_sa(this, protocol, spi, TRUE);
1688 if (child_sa == NULL)
1689 {
1690 return NOT_FOUND;
1691 }
1692
1693 rekey = create_child_sa_create(&this->public);
1694 rekey->rekeys_child(rekey, child_sa);
1695 return queue_transaction(this, (transaction_t*)rekey, FALSE);
1696 }
1697
1698 /**
1699 * Implementation of ike_sa_t.delete_child_sa.
1700 */
1701 static status_t delete_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
1702 {
1703 delete_child_sa_t *del;
1704 child_sa_t *child_sa;
1705
1706 child_sa = get_child_sa(this, protocol, spi, TRUE);
1707 if (child_sa == NULL)
1708 {
1709 return NOT_FOUND;
1710 }
1711
1712 del = delete_child_sa_create(&this->public);
1713 del->set_child_sa(del, child_sa);
1714 return queue_transaction(this, (transaction_t*)del, FALSE);
1715 }
1716
1717 /**
1718 * Implementation of ike_sa_t.destroy_child_sa.
1719 */
1720 static status_t destroy_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
1721 {
1722 iterator_t *iterator;
1723 child_sa_t *child_sa;
1724 status_t status = NOT_FOUND;
1725
1726 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1727 while (iterator->iterate(iterator, (void**)&child_sa))
1728 {
1729 if (child_sa->get_protocol(child_sa) == protocol &&
1730 child_sa->get_spi(child_sa, TRUE) == spi)
1731 {
1732 child_sa->destroy(child_sa);
1733 iterator->remove(iterator);
1734 status = SUCCESS;
1735 break;
1736 }
1737 }
1738 iterator->destroy(iterator);
1739 return status;
1740 }
1741
1742 /**
1743 * Implementation of ike_sa_t.set_lifetimes.
1744 */
1745 static void set_lifetimes(private_ike_sa_t *this, bool reauth,
1746 u_int32_t soft_lifetime, u_int32_t hard_lifetime)
1747 {
1748 job_t *job;
1749 u_int32_t now = time(NULL);
1750
1751 this->reauth = reauth;
1752
1753 if (soft_lifetime)
1754 {
1755 this->time.rekey = now + soft_lifetime;
1756 job = (job_t*)rekey_ike_sa_job_create(this->ike_sa_id, reauth);
1757 charon->event_queue->add_relative(charon->event_queue, job,
1758 soft_lifetime * 1000);
1759 }
1760
1761 if (hard_lifetime)
1762 {
1763 this->time.delete = now + hard_lifetime;
1764 job = (job_t*)delete_ike_sa_job_create(this->ike_sa_id, TRUE);
1765 charon->event_queue->add_relative(charon->event_queue, job,
1766 hard_lifetime * 1000);
1767 }
1768 }
1769
1770 /**
1771 * Implementation of public_ike_sa_t.delete.
1772 */
1773 static status_t delete_(private_ike_sa_t *this)
1774 {
1775 switch (this->state)
1776 {
1777 case IKE_CONNECTING:
1778 {
1779 /* this may happen if a half open IKE_SA gets closed after a
1780 * timeout. We signal here UP_FAILED to complete the SIG schema */
1781 SIG(IKE_UP_FAILED, "half open IKE_SA deleted after timeout");
1782 return DESTROY_ME;
1783 }
1784 case IKE_ESTABLISHED:
1785 {
1786 delete_ike_sa_t *delete_ike_sa;
1787 if (this->transaction_out)
1788 {
1789 /* already a transaction in progress. As this may hang
1790 * around a while, we don't inform the other peer. */
1791 return DESTROY_ME;
1792 }
1793 delete_ike_sa = delete_ike_sa_create(&this->public);
1794 return queue_transaction(this, (transaction_t*)delete_ike_sa, FALSE);
1795 }
1796 case IKE_CREATED:
1797 case IKE_DELETING:
1798 default:
1799 {
1800 SIG(IKE_DOWN_START, "closing IKE_SA");
1801 SIG(IKE_DOWN_SUCCESS, "IKE_SA closed between %H[%D]...%H[%D]",
1802 this->my_host, this->my_id, this->other_host, this->other_id);
1803 return DESTROY_ME;
1804 }
1805 }
1806 }
1807
1808 /**
1809 * Implementation of ike_sa_t.rekey.
1810 */
1811 static status_t rekey(private_ike_sa_t *this)
1812 {
1813 rekey_ike_sa_t *rekey_ike_sa;
1814
1815 DBG1(DBG_IKE, "rekeying IKE_SA between %H[%D]..%H[%D]",
1816 this->my_host, this->my_id, this->other_host, this->other_id);
1817
1818 if (this->state != IKE_ESTABLISHED)
1819 {
1820 SIG(IKE_REKEY_START, "rekeying IKE_SA");
1821 SIG(IKE_REKEY_FAILED, "unable to rekey IKE_SA in state %N",
1822 ike_sa_state_names, this->state);
1823 return FAILED;
1824 }
1825
1826 rekey_ike_sa = rekey_ike_sa_create(&this->public);
1827 return queue_transaction(this, (transaction_t*)rekey_ike_sa, FALSE);
1828 }
1829
1830 /**
1831 * Implementation of ike_sa_t.reauth.
1832 */
1833 static status_t reauth(private_ike_sa_t *this)
1834 {
1835 connection_t *connection;
1836 child_sa_t *child_sa;
1837 iterator_t *iterator;
1838
1839 DBG1(DBG_IKE, "reauthenticating IKE_SA between %H[%D]..%H[%D]",
1840 this->my_host, this->my_id, this->other_host, this->other_id);
1841
1842 /* get a connection to initiate */
1843 connection = charon->connections->get_connection_by_hosts(charon->connections,
1844 this->my_host, this->other_host);
1845 if (connection == NULL)
1846 {
1847 DBG1(DBG_IKE, "no connection found to reauthenticate");
1848 return FAILED;
1849 }
1850
1851 /* queue CREATE_CHILD_SA transactions to set up all CHILD_SAs */
1852 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1853 while (iterator->iterate(iterator, (void**)&child_sa))
1854 {
1855 job_t *job;
1856 policy_t *policy;
1857 linked_list_t *my_ts, *other_ts;
1858 host_t *other;
1859
1860 my_ts = child_sa->get_my_traffic_selectors(child_sa);
1861 other_ts = child_sa->get_other_traffic_selectors(child_sa);
1862 policy = charon->policies->get_policy(charon->policies,
1863 this->my_id, this->other_id, my_ts, other_ts,
1864 this->my_host, this->other_host, NULL);
1865 if (policy == NULL)
1866 {
1867 DBG1(DBG_IKE, "policy not found to recreate CHILD_SA, skipped");
1868 continue;
1869 }
1870 connection->get_ref(connection);
1871 other = this->other_host->clone(this->other_host);
1872 job = (job_t*)initiate_job_create(connection, other, policy);
1873 charon->job_queue->add(charon->job_queue, job);
1874 }
1875 iterator->destroy(iterator);
1876 connection->destroy(connection);
1877
1878 /* delete the old IKE_SA
1879 * TODO: we should delay the delete to avoid connectivity gaps?! */
1880 return delete_(this);
1881 }
1882
1883 /**
1884 * Implementation of ike_sa_t.get_rekeying_transaction.
1885 */
1886 static transaction_t* get_rekeying_transaction(private_ike_sa_t *this)
1887 {
1888 return this->rekeying_transaction;
1889 }
1890
1891 /**
1892 * Implementation of ike_sa_t.set_rekeying_transaction.
1893 */
1894 static void set_rekeying_transaction(private_ike_sa_t *this, transaction_t *rekey)
1895 {
1896 this->rekeying_transaction = rekey;
1897 }
1898
1899 /**
1900 * Implementation of ike_sa_t.adopt_children.
1901 */
1902 static void adopt_children(private_ike_sa_t *this, private_ike_sa_t *other)
1903 {
1904 child_sa_t *child_sa;
1905
1906 while (other->child_sas->remove_last(other->child_sas,
1907 (void**)&child_sa) == SUCCESS)
1908 {
1909 this->child_sas->insert_first(this->child_sas, (void*)child_sa);
1910 }
1911 }
1912
1913 /**
1914 * Implementation of ike_sa_t.get_next_message_id.
1915 */
1916 static u_int32_t get_next_message_id (private_ike_sa_t *this)
1917 {
1918 return this->message_id_out++;
1919 }
1920
1921 /**
1922 * Implementation of ike_sa_t.is_natt_enabled.
1923 */
1924 static bool is_natt_enabled(private_ike_sa_t *this)
1925 {
1926 return this->nat_here || this->nat_there;
1927 }
1928
1929 /**
1930 * Implementation of ike_sa_t.enable_natt.
1931 */
1932 static void enable_natt(private_ike_sa_t *this, bool local)
1933 {
1934 if (local)
1935 {
1936 DBG1(DBG_IKE, "local host is behind NAT, using NAT-T, "
1937 "scheduled keep alives");
1938 this->nat_here = TRUE;
1939 send_keepalive(this);
1940 }
1941 else
1942 {
1943 DBG1(DBG_IKE, "remote host is behind NAT, using NAT-T");
1944 this->nat_there = TRUE;
1945 }
1946 }
1947
1948 /**
1949 * output handler in printf()
1950 */
1951 static int print(FILE *stream, const struct printf_info *info,
1952 const void *const *args)
1953 {
1954 int written = 0;
1955 private_ike_sa_t *this = *((private_ike_sa_t**)(args[0]));
1956
1957 if (this == NULL)
1958 {
1959 return fprintf(stream, "(null)");
1960 }
1961
1962 written = fprintf(stream, "%12s: %N, %H[%D]...%H[%D]",
1963 this->name, ike_sa_state_names, this->state,
1964 this->my_host, this->my_id, this->other_host, this->other_id);
1965 written += fprintf(stream, "\n%12s: IKE SPIs: %J, %s in %ds",
1966 this->name, this->ike_sa_id,
1967 this->reauth? "reauthentication":"rekeying",
1968 this->time.rekey - time(NULL));
1969
1970 if (info->alt)
1971 {
1972
1973 }
1974 return written;
1975 }
1976
1977 /**
1978 * register printf() handlers
1979 */
1980 static void __attribute__ ((constructor))print_register()
1981 {
1982 register_printf_function(PRINTF_IKE_SA, print, arginfo_ptr);
1983 }
1984
1985 /**
1986 * Implementation of ike_sa_t.destroy.
1987 */
1988 static void destroy(private_ike_sa_t *this)
1989 {
1990 this->child_sas->destroy_offset(this->child_sas, offsetof(child_sa_t, destroy));
1991 this->transaction_queue->destroy_offset(this->transaction_queue, offsetof(transaction_t, destroy));
1992
1993 DESTROY_IF(this->transaction_in);
1994 DESTROY_IF(this->transaction_in_next);
1995 DESTROY_IF(this->transaction_out);
1996 DESTROY_IF(this->crypter_in);
1997 DESTROY_IF(this->crypter_out);
1998 DESTROY_IF(this->signer_in);
1999 DESTROY_IF(this->signer_out);
2000 DESTROY_IF(this->prf);
2001 DESTROY_IF(this->child_prf);
2002 DESTROY_IF(this->auth_verify);
2003 DESTROY_IF(this->auth_build);
2004
2005 DESTROY_IF(this->my_host);
2006 DESTROY_IF(this->other_host);
2007 DESTROY_IF(this->my_id);
2008 DESTROY_IF(this->other_id);
2009
2010 free(this->name);
2011 this->ike_sa_id->destroy(this->ike_sa_id);
2012 free(this);
2013 }
2014
2015 /*
2016 * Described in header.
2017 */
2018 ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
2019 {
2020 private_ike_sa_t *this = malloc_thing(private_ike_sa_t);
2021
2022 /* Public functions */
2023 this->public.get_state = (ike_sa_state_t(*)(ike_sa_t*)) get_state;
2024 this->public.set_state = (void(*)(ike_sa_t*,ike_sa_state_t)) set_state;
2025 this->public.get_name = (char*(*)(ike_sa_t*))get_name;
2026 this->public.set_name = (void(*)(ike_sa_t*,char*))set_name;
2027 this->public.process_message = (status_t(*)(ike_sa_t*, message_t*)) process_message;
2028 this->public.initiate = (status_t(*)(ike_sa_t*,connection_t*,policy_t*)) initiate;
2029 this->public.route = (status_t(*)(ike_sa_t*,connection_t*,policy_t*)) route;
2030 this->public.unroute = (status_t(*)(ike_sa_t*,policy_t*)) unroute;
2031 this->public.acquire = (status_t(*)(ike_sa_t*,u_int32_t)) acquire;
2032 this->public.get_id = (ike_sa_id_t*(*)(ike_sa_t*)) get_id;
2033 this->public.get_my_host = (host_t*(*)(ike_sa_t*)) get_my_host;
2034 this->public.set_my_host = (void(*)(ike_sa_t*,host_t*)) set_my_host;
2035 this->public.get_other_host = (host_t*(*)(ike_sa_t*)) get_other_host;
2036 this->public.set_other_host = (void(*)(ike_sa_t*,host_t*)) set_other_host;
2037 this->public.get_my_id = (identification_t*(*)(ike_sa_t*)) get_my_id;
2038 this->public.set_my_id = (void(*)(ike_sa_t*,identification_t*)) set_my_id;
2039 this->public.get_other_id = (identification_t*(*)(ike_sa_t*)) get_other_id;
2040 this->public.set_other_id = (void(*)(ike_sa_t*,identification_t*)) set_other_id;
2041 this->public.get_next_message_id = (u_int32_t(*)(ike_sa_t*)) get_next_message_id;
2042 this->public.retransmit_request = (status_t (*) (ike_sa_t *, u_int32_t)) retransmit_request;
2043 this->public.delete = (status_t(*)(ike_sa_t*))delete_;
2044 this->public.destroy = (void(*)(ike_sa_t*))destroy;
2045 this->public.send_dpd = (status_t (*)(ike_sa_t*)) send_dpd;
2046 this->public.send_keepalive = (void (*)(ike_sa_t*)) send_keepalive;
2047 this->public.get_prf = (prf_t *(*) (ike_sa_t *)) get_prf;
2048 this->public.get_child_prf = (prf_t *(*) (ike_sa_t *)) get_child_prf;
2049 this->public.get_auth_verify = (prf_t *(*) (ike_sa_t *)) get_auth_verify;
2050 this->public.get_auth_build = (prf_t *(*) (ike_sa_t *)) get_auth_build;
2051 this->public.derive_keys = (status_t (*) (ike_sa_t *,proposal_t*,diffie_hellman_t*,chunk_t,chunk_t,bool,prf_t*,prf_t*)) derive_keys;
2052 this->public.add_child_sa = (void (*) (ike_sa_t*,child_sa_t*)) add_child_sa;
2053 this->public.has_child_sa = (bool(*)(ike_sa_t*,u_int32_t)) has_child_sa;
2054 this->public.get_child_sa = (child_sa_t* (*)(ike_sa_t*,protocol_id_t,u_int32_t,bool)) get_child_sa;
2055 this->public.create_child_sa_iterator = (iterator_t* (*)(ike_sa_t*)) create_child_sa_iterator;
2056 this->public.rekey_child_sa = (status_t(*)(ike_sa_t*,protocol_id_t,u_int32_t)) rekey_child_sa;
2057 this->public.delete_child_sa = (status_t(*)(ike_sa_t*,protocol_id_t,u_int32_t)) delete_child_sa;
2058 this->public.destroy_child_sa = (status_t (*)(ike_sa_t*,protocol_id_t,u_int32_t))destroy_child_sa;
2059 this->public.enable_natt = (void(*)(ike_sa_t*, bool)) enable_natt;
2060 this->public.is_natt_enabled = (bool(*)(ike_sa_t*)) is_natt_enabled;
2061 this->public.set_lifetimes = (void(*)(ike_sa_t*,bool,u_int32_t,u_int32_t))set_lifetimes;
2062 this->public.apply_connection = (void(*)(ike_sa_t*,connection_t*))apply_connection;
2063 this->public.rekey = (status_t(*)(ike_sa_t*))rekey;
2064 this->public.reauth = (status_t(*)(ike_sa_t*))reauth;
2065 this->public.get_rekeying_transaction = (transaction_t*(*)(ike_sa_t*))get_rekeying_transaction;
2066 this->public.set_rekeying_transaction = (void(*)(ike_sa_t*,transaction_t*))set_rekeying_transaction;
2067 this->public.adopt_children = (void(*)(ike_sa_t*,ike_sa_t*))adopt_children;
2068
2069 /* initialize private fields */
2070 this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
2071 this->name = strdup("(uninitialized)");
2072 this->child_sas = linked_list_create();
2073 this->my_host = host_create_from_string("0.0.0.0", 0);
2074 this->other_host = host_create_from_string("0.0.0.0", 0);
2075 this->my_id = identification_create_from_encoding(ID_ANY, chunk_empty);
2076 this->other_id = identification_create_from_encoding(ID_ANY, chunk_empty);
2077 this->crypter_in = NULL;
2078 this->crypter_out = NULL;
2079 this->signer_in = NULL;
2080 this->signer_out = NULL;
2081 this->prf = NULL;
2082 this->auth_verify = NULL;
2083 this->auth_build = NULL;
2084 this->child_prf = NULL;
2085 this->nat_here = FALSE;
2086 this->nat_there = FALSE;
2087 this->transaction_queue = linked_list_create();
2088 this->transaction_in = NULL;
2089 this->transaction_in_next = NULL;
2090 this->transaction_out = NULL;
2091 this->rekeying_transaction = NULL;
2092 this->state = IKE_CREATED;
2093 this->message_id_out = 0;
2094 /* set to NOW, as when we rekey an existing IKE_SA no message is exchanged
2095 * and inbound therefore uninitialized */
2096 this->time.inbound = this->time.outbound = time(NULL);
2097 this->time.established = 0;
2098 this->time.rekey = 0;
2099 this->time.delete = 0;
2100 this->dpd_delay = 0;
2101 this->retrans_sequences = 0;
2102
2103 return &this->public;
2104 }