preparations to include certreqs in policy decisions
[strongswan.git] / src / charon / sa / ike_sa.c
1 /**
2 * @file ike_sa.c
3 *
4 * @brief Implementation of ike_sa_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
10 * Copyright (C) 2005-2006 Martin Willi
11 * Copyright (C) 2005 Jan Hutter
12 * Hochschule fuer Technik Rapperswil
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 */
24
25 #include <sys/time.h>
26 #include <string.h>
27 #include <printf.h>
28
29 #include "ike_sa.h"
30
31 #include <types.h>
32 #include <daemon.h>
33 #include <definitions.h>
34 #include <utils/linked_list.h>
35 #include <crypto/diffie_hellman.h>
36 #include <crypto/prf_plus.h>
37 #include <crypto/crypters/crypter.h>
38 #include <crypto/hashers/hasher.h>
39 #include <encoding/payloads/sa_payload.h>
40 #include <encoding/payloads/nonce_payload.h>
41 #include <encoding/payloads/ke_payload.h>
42 #include <encoding/payloads/delete_payload.h>
43 #include <encoding/payloads/transform_substructure.h>
44 #include <encoding/payloads/transform_attribute.h>
45 #include <encoding/payloads/ts_payload.h>
46 #include <sa/transactions/transaction.h>
47 #include <sa/transactions/ike_sa_init.h>
48 #include <sa/transactions/delete_ike_sa.h>
49 #include <sa/transactions/create_child_sa.h>
50 #include <sa/transactions/delete_child_sa.h>
51 #include <sa/transactions/dead_peer_detection.h>
52 #include <sa/transactions/rekey_ike_sa.h>
53 #include <queues/jobs/retransmit_request_job.h>
54 #include <queues/jobs/delete_ike_sa_job.h>
55 #include <queues/jobs/send_dpd_job.h>
56 #include <queues/jobs/send_keepalive_job.h>
57 #include <queues/jobs/rekey_ike_sa_job.h>
58 #include <queues/jobs/route_job.h>
59 #include <queues/jobs/initiate_job.h>
60
61 ENUM(ike_sa_state_names, IKE_CREATED, IKE_DELETING,
62 "CREATED",
63 "CONNECTING",
64 "ESTABLISHED",
65 "REKEYING",
66 "DELETING",
67 );
68
69 typedef struct private_ike_sa_t private_ike_sa_t;
70
71 /**
72 * Private data of an ike_sa_t object.
73 */
74 struct private_ike_sa_t {
75
76 /**
77 * Public members
78 */
79 ike_sa_t public;
80
81 /**
82 * Identifier for the current IKE_SA.
83 */
84 ike_sa_id_t *ike_sa_id;
85
86 /**
87 * Current state of the IKE_SA
88 */
89 ike_sa_state_t state;
90
91 /**
92 * Name of the connection used by this IKE_SA
93 */
94 char *name;
95
96 /**
97 * Address of local host
98 */
99 host_t *my_host;
100
101 /**
102 * Address of remote host
103 */
104 host_t *other_host;
105
106 /**
107 * Identification used for us
108 */
109 identification_t *my_id;
110
111 /**
112 * Identification used for other
113 */
114 identification_t *other_id;
115
116 /**
117 * Linked List containing the child sa's of the current IKE_SA.
118 */
119 linked_list_t *child_sas;
120
121 /**
122 * crypter for inbound traffic
123 */
124 crypter_t *crypter_in;
125
126 /**
127 * crypter for outbound traffic
128 */
129 crypter_t *crypter_out;
130
131 /**
132 * Signer for inbound traffic
133 */
134 signer_t *signer_in;
135
136 /**
137 * Signer for outbound traffic
138 */
139 signer_t *signer_out;
140
141 /**
142 * Multi purpose prf, set key, use it, forget it
143 */
144 prf_t *prf;
145
146 /**
147 * Prf function for derivating keymat child SAs
148 */
149 prf_t *child_prf;
150
151 /**
152 * PRF to build outging authentication data
153 */
154 prf_t *auth_build;
155
156 /**
157 * PRF to verify incoming authentication data
158 */
159 prf_t *auth_verify;
160
161 /**
162 * NAT hasher.
163 */
164 hasher_t *nat_hasher;
165
166 /**
167 * NAT status of local host.
168 */
169 bool nat_here;
170
171 /**
172 * NAT status of remote host.
173 */
174 bool nat_there;
175
176 /**
177 * message ID for next outgoung request
178 */
179 u_int32_t message_id_out;
180
181 /**
182 * Timestamps for this IKE_SA
183 */
184 struct {
185 /** last IKE message received */
186 u_int32_t inbound;
187 /** last IKE message sent */
188 u_int32_t outbound;
189 /** when IKE_SA became established */
190 u_int32_t established;
191 /** when IKE_SA gets rekeyed */
192 u_int32_t rekey;
193 /** when IKE_SA gets deleted */
194 u_int32_t delete;
195 } time;
196
197 /**
198 * interval to send DPD liveness check
199 */
200 time_t dpd_delay;
201
202 /**
203 * number of retransmit sequences to go through before giving up (keyingtries)
204 */
205 u_int32_t retrans_sequences;
206
207 /**
208 * List of queued transactions to process
209 */
210 linked_list_t *transaction_queue;
211
212 /**
213 * Transaction currently initiated
214 * (only one supported yet, window size = 1)
215 */
216 transaction_t *transaction_out;
217
218 /**
219 * last transaction initiated by peer processed.
220 * (only one supported yet, window size = 1)
221 * Stored for retransmission.
222 */
223 transaction_t *transaction_in;
224
225 /**
226 * Next incoming transaction expected. Used to
227 * do multi transaction operations.
228 */
229 transaction_t *transaction_in_next;
230
231 /**
232 * Transaction which rekeys this IKE_SA, used do detect simultaneus rekeying
233 */
234 transaction_t *rekeying_transaction;
235 };
236
237 /**
238 * get the time of the latest traffic processed by the kernel
239 */
240 static time_t get_kernel_time(private_ike_sa_t* this, bool inbound)
241 {
242 iterator_t *iterator;
243 child_sa_t *child_sa;
244 time_t latest = 0, use_time;
245
246 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
247 while (iterator->iterate(iterator, (void**)&child_sa))
248 {
249 if (child_sa->get_use_time(child_sa, inbound, &use_time) == SUCCESS)
250 {
251 latest = max(latest, use_time);
252 }
253 }
254 iterator->destroy(iterator);
255
256 return latest;
257 }
258
259 /**
260 * get the time of the latest received traffice
261 */
262 static time_t get_time_inbound(private_ike_sa_t *this)
263 {
264 return max(this->time.inbound, get_kernel_time(this, TRUE));
265 }
266
267 /**
268 * get the time of the latest sent traffic
269 */
270 static time_t get_time_outbound(private_ike_sa_t *this)
271 {
272 return max(this->time.outbound, get_kernel_time(this, FALSE));
273 }
274
275 /**
276 * Implementation of ike_sa_t.get_name.
277 */
278 static char *get_name(private_ike_sa_t *this)
279 {
280 return this->name;
281 }
282
283 /**
284 * Implementation of ike_sa_t.set_name.
285 */
286 static void set_name(private_ike_sa_t *this, char* name)
287 {
288 free(this->name);
289 this->name = strdup(name);
290 }
291
292 /**
293 * Implementation of ike_sa_t.apply_connection.
294 */
295 static void apply_connection(private_ike_sa_t *this, connection_t *connection)
296 {
297 this->dpd_delay = connection->get_dpd_delay(connection);
298 this->retrans_sequences = connection->get_retrans_seq(connection);
299 }
300
301 /**
302 * Implementation of ike_sa_t.get_my_host.
303 */
304 static host_t *get_my_host(private_ike_sa_t *this)
305 {
306 return this->my_host;
307 }
308
309 /**
310 * Implementation of ike_sa_t.set_my_host.
311 */
312 static void set_my_host(private_ike_sa_t *this, host_t *me)
313 {
314 DESTROY_IF(this->my_host);
315 this->my_host = me;
316 }
317
318 /**
319 * Implementation of ike_sa_t.get_other_host.
320 */
321 static host_t *get_other_host(private_ike_sa_t *this)
322 {
323 return this->other_host;
324 }
325
326 /**
327 * Implementation of ike_sa_t.set_other_host.
328 */
329 static void set_other_host(private_ike_sa_t *this, host_t *other)
330 {
331 DESTROY_IF(this->other_host);
332 this->other_host = other;
333 }
334
335 /**
336 * Update connection host, as addresses may change (NAT)
337 */
338 static void update_hosts(private_ike_sa_t *this, host_t *me, host_t *other)
339 {
340 /*
341 * Quoting RFC 4306:
342 *
343 * 2.11. Address and Port Agility
344 *
345 * IKE runs over UDP ports 500 and 4500, and implicitly sets up ESP and
346 * AH associations for the same IP addresses it runs over. The IP
347 * addresses and ports in the outer header are, however, not themselves
348 * cryptographically protected, and IKE is designed to work even through
349 * Network Address Translation (NAT) boxes. An implementation MUST
350 * accept incoming requests even if the source port is not 500 or 4500,
351 * and MUST respond to the address and port from which the request was
352 * received. It MUST specify the address and port at which the request
353 * was received as the source address and port in the response. IKE
354 * functions identically over IPv4 or IPv6.
355 *
356 * [...]
357 *
358 * There are cases where a NAT box decides to remove mappings that
359 * are still alive (for example, the keepalive interval is too long,
360 * or the NAT box is rebooted). To recover in these cases, hosts
361 * that are not behind a NAT SHOULD send all packets (including
362 * retransmission packets) to the IP address and port from the last
363 * valid authenticated packet from the other end (i.e., dynamically
364 * update the address). A host behind a NAT SHOULD NOT do this
365 * because it opens a DoS attack possibility. Any authenticated IKE
366 * packet or any authenticated UDP-encapsulated ESP packet can be
367 * used to detect that the IP address or the port has changed.
368 */
369 iterator_t *iterator = NULL;
370 child_sa_t *child_sa = NULL;
371 host_diff_t my_diff, other_diff;
372
373 if (this->my_host->is_anyaddr(this->my_host) ||
374 this->other_host->is_anyaddr(this->other_host))
375 {
376 /* on first received message */
377 this->my_host->destroy(this->my_host);
378 this->my_host = me->clone(me);
379 this->other_host->destroy(this->other_host);
380 this->other_host = other->clone(other);
381 return;
382 }
383
384 my_diff = me->get_differences(me, this->my_host);
385 other_diff = other->get_differences(other, this->other_host);
386
387 if (!my_diff && !other_diff)
388 {
389 return;
390 }
391
392 if (my_diff)
393 {
394 this->my_host->destroy(this->my_host);
395 this->my_host = me->clone(me);
396 }
397
398 if (!this->nat_here)
399 {
400 /* update without restrictions if we are not NATted */
401 if (other_diff)
402 {
403 this->other_host->destroy(this->other_host);
404 this->other_host = other->clone(other);
405 }
406 }
407 else
408 {
409 /* if we are natted, only port may change */
410 if (other_diff & HOST_DIFF_ADDR)
411 {
412 return;
413 }
414 else if (other_diff & HOST_DIFF_PORT)
415 {
416 this->other_host->set_port(this->other_host, other->get_port(other));
417 }
418 }
419 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
420 while (iterator->iterate(iterator, (void**)&child_sa))
421 {
422 child_sa->update_hosts(child_sa, this->my_host, this->other_host,
423 my_diff, other_diff);
424 /* TODO: what to do if update fails? Delete CHILD_SA? */
425 }
426 iterator->destroy(iterator);
427 }
428
429 /**
430 * called when the peer is not responding anymore
431 */
432 static void dpd_detected(private_ike_sa_t *this)
433 {
434 connection_t *connection = NULL;
435 policy_t *policy;
436 linked_list_t *my_ts, *other_ts;
437 child_sa_t* child_sa;
438 dpd_action_t action;
439 job_t *job;
440
441 DBG2(DBG_IKE, "dead peer detected, handling CHILD_SAs dpd action");
442
443 /* check for childrens with dpdaction = hold */
444 while(this->child_sas->remove_first(this->child_sas,
445 (void**)&child_sa) == SUCCESS)
446 {
447 /* get the policy which belongs to this CHILD */
448 my_ts = child_sa->get_my_traffic_selectors(child_sa);
449 other_ts = child_sa->get_other_traffic_selectors(child_sa);
450 policy = charon->policies->get_policy(charon->policies,
451 this->my_id, this->other_id,
452 my_ts, other_ts,
453 this->my_host, this->other_host,
454 NULL);
455 if (policy == NULL)
456 {
457 DBG1(DBG_IKE, "no policy for CHILD to handle DPD");
458 continue;
459 }
460
461 action = policy->get_dpd_action(policy);
462 /* get a connection for further actions */
463 if (connection == NULL &&
464 (action == DPD_ROUTE || action == DPD_RESTART))
465 {
466 connection = charon->connections->get_connection_by_hosts(
467 charon->connections,
468 this->my_host, this->other_host);
469 if (connection == NULL)
470 {
471 SIG(IKE_UP_FAILED, "no connection found to handle DPD");
472 break;
473 }
474 }
475
476 DBG1(DBG_IKE, "dpd action for %s is %N",
477 policy->get_name(policy), dpd_action_names, action);
478
479 switch (action)
480 {
481 case DPD_ROUTE:
482 connection->get_ref(connection);
483 job = (job_t*)route_job_create(connection, policy, TRUE);
484 charon->job_queue->add(charon->job_queue, job);
485 break;
486 case DPD_RESTART:
487 connection->get_ref(connection);
488 job = (job_t*)initiate_job_create(connection, policy);
489 charon->job_queue->add(charon->job_queue, job);
490 break;
491 default:
492 policy->destroy(policy);
493 break;
494 }
495 child_sa->destroy(child_sa);
496 }
497 DESTROY_IF(connection);
498 }
499
500 /**
501 * send a request and schedule retransmission
502 */
503 static status_t transmit_request(private_ike_sa_t *this)
504 {
505 message_t *request;
506 packet_t *packet;
507 status_t status;
508 retransmit_request_job_t *job;
509 u_int32_t transmitted;
510 u_int32_t timeout;
511 transaction_t *transaction = this->transaction_out;
512 u_int32_t message_id;
513
514 transmitted = transaction->requested(transaction);
515 timeout = charon->configuration->get_retransmit_timeout(charon->configuration,
516 transmitted,
517 this->retrans_sequences);
518 if (timeout == 0)
519 {
520 DBG1(DBG_IKE, "giving up after %d retransmits, deleting IKE_SA",
521 transmitted - 1);
522 dpd_detected(this);
523 return DESTROY_ME;
524 }
525
526 status = transaction->get_request(transaction, &request);
527 if (status != SUCCESS)
528 {
529 /* generating request failed */
530 return status;
531 }
532 message_id = transaction->get_message_id(transaction);
533 /* if we retransmit, the request is already generated */
534 if (transmitted == 0)
535 {
536 status = request->generate(request, this->crypter_out, this->signer_out, &packet);
537 if (status != SUCCESS)
538 {
539 DBG1(DBG_IKE, "request generation failed. transaction discarded");
540 return FAILED;
541 }
542 }
543 else
544 {
545 DBG1(DBG_IKE, "sending retransmit %d for %N request with messageID %d",
546 transmitted, exchange_type_names, request->get_exchange_type(request),
547 message_id);
548 packet = request->get_packet(request);
549 }
550 /* finally send */
551 charon->send_queue->add(charon->send_queue, packet);
552 this->time.outbound = time(NULL);
553
554 /* schedule retransmission job */
555 job = retransmit_request_job_create(message_id, this->ike_sa_id);
556 charon->event_queue->add_relative(charon->event_queue, (job_t*)job, timeout);
557 return SUCCESS;
558 }
559
560 /**
561 * Implementation of ike_sa.retransmit_request.
562 */
563 static status_t retransmit_request(private_ike_sa_t *this, u_int32_t message_id)
564 {
565 if (this->transaction_out == NULL ||
566 this->transaction_out->get_message_id(this->transaction_out) != message_id)
567 {
568 /* no retransmit necessary, transaction did already complete */
569 return SUCCESS;
570 }
571 return transmit_request(this);
572 }
573
574 /**
575 * Check for transactions in the queue and initiate the first transaction found.
576 */
577 static status_t process_transaction_queue(private_ike_sa_t *this)
578 {
579 if (this->transaction_out)
580 {
581 /* already a transaction in progress */
582 return SUCCESS;
583 }
584
585 while (TRUE)
586 {
587 if (this->transaction_queue->remove_first(this->transaction_queue,
588 (void**)&this->transaction_out) != SUCCESS)
589 {
590 /* transaction queue empty */
591 return SUCCESS;
592 }
593 switch (transmit_request(this))
594 {
595 case SUCCESS:
596 return SUCCESS;
597 case DESTROY_ME:
598 /* critical, IKE_SA unusable, destroy immediately */
599 return DESTROY_ME;
600 default:
601 /* discard transaction, process next one */
602 this->transaction_out->destroy(this->transaction_out);
603 this->transaction_out = NULL;
604 /* handle next transaction */
605 continue;
606 }
607 }
608 }
609
610 /**
611 * Queue a new transaction and execute the next outstanding transaction
612 */
613 static status_t queue_transaction(private_ike_sa_t *this, transaction_t *transaction, bool prefer)
614 {
615 /* inject next transaction */
616 if (transaction)
617 {
618 if (prefer)
619 {
620 this->transaction_queue->insert_first(this->transaction_queue, transaction);
621 }
622 else
623 {
624 this->transaction_queue->insert_last(this->transaction_queue, transaction);
625 }
626 }
627 /* process a transaction */
628 return process_transaction_queue(this);
629 }
630
631 /**
632 * process an incoming request.
633 */
634 static status_t process_request(private_ike_sa_t *this, message_t *request)
635 {
636 transaction_t *last, *current = NULL;
637 message_t *response;
638 packet_t *packet;
639 u_int32_t request_mid;
640 status_t status;
641
642 request_mid = request->get_message_id(request);
643 last = this->transaction_in;
644
645 /* check if message ID is correct */
646 if (last)
647 {
648 u_int32_t last_mid = last->get_message_id(last);
649
650 if (last_mid == request_mid)
651 {
652 /* retransmit detected */
653 DBG1(DBG_IKE, "received retransmitted request for message "
654 "ID %d, retransmitting response", request_mid);
655 last->get_response(last, request, &response, &this->transaction_in_next);
656 packet = response->get_packet(response);
657 charon->send_queue->add(charon->send_queue, packet);
658 this->time.outbound = time(NULL);
659 return SUCCESS;
660 }
661
662 if (last_mid > request_mid)
663 {
664 /* something seriously wrong here, message id may not decrease */
665 DBG1(DBG_IKE, "received request with message ID %d, "
666 "excepted %d, ingored", request_mid, last_mid + 1);
667 return FAILED;
668 }
669 /* we allow jumps in message IDs, as long as they are incremental */
670 if (last_mid + 1 < request_mid)
671 {
672 DBG1(DBG_IKE, "received request with message ID %d, excepted %d",
673 request_mid, last_mid + 1);
674 }
675 }
676 else
677 {
678 if (request_mid != 0)
679 {
680 /* warn, but allow it */
681 DBG1(DBG_IKE, "first received request has message ID %d, "
682 "excepted 0", request_mid);
683 }
684 }
685
686 /* check if we already have a pre-created transaction for this request */
687 if (this->transaction_in_next)
688 {
689 current = this->transaction_in_next;
690 this->transaction_in_next = NULL;
691 }
692 else
693 {
694 current = transaction_create(&this->public, request);
695 if (current == NULL)
696 {
697 DBG1(DBG_IKE, "no idea how to handle received message (exchange"
698 " type %d), ignored", request->get_exchange_type(request));
699 return FAILED;
700 }
701 }
702
703 /* send message. get_request() always gives a valid response */
704 status = current->get_response(current, request, &response, &this->transaction_in_next);
705 if (response->generate(response, this->crypter_out, this->signer_out, &packet) != SUCCESS)
706 {
707 DBG1(DBG_IKE, "response generation failed, discarding transaction");
708 current->destroy(current);
709 return FAILED;
710 }
711
712 charon->send_queue->add(charon->send_queue, packet);
713 this->time.outbound = time(NULL);
714 /* act depending on transaction result */
715 switch (status)
716 {
717 case DESTROY_ME:
718 /* transactions says we should destroy the IKE_SA, so do it */
719 current->destroy(current);
720 return DESTROY_ME;
721 default:
722 /* store for retransmission, destroy old transaction */
723 this->transaction_in = current;
724 if (last)
725 {
726 last->destroy(last);
727 }
728 return SUCCESS;
729 }
730 }
731
732 /**
733 * process an incoming response
734 */
735 static status_t process_response(private_ike_sa_t *this, message_t *response)
736 {
737 transaction_t *current, *new = NULL;
738
739 current = this->transaction_out;
740 /* check if message ID is that of our currently active transaction */
741 if (current == NULL ||
742 current->get_message_id(current) != response->get_message_id(response))
743 {
744 DBG1(DBG_IKE, "received response with message ID %d "
745 "not requested, ignored", response->get_message_id(response));
746 return FAILED;
747 }
748
749 switch (current->conclude(current, response, &new))
750 {
751 case DESTROY_ME:
752 /* state requested to destroy IKE_SA */
753 return DESTROY_ME;
754 default:
755 /* discard transaction, process next one */
756 break;
757 }
758 /* transaction comleted, remove */
759 current->destroy(current);
760 this->transaction_out = NULL;
761
762 /* queue new transaction */
763 return queue_transaction(this, new, TRUE);
764 }
765
766 /**
767 * send a notify back to the sender
768 */
769 static void send_notify_response(private_ike_sa_t *this,
770 message_t *request,
771 notify_type_t type)
772 {
773 notify_payload_t *notify;
774 message_t *response;
775 host_t *src, *dst;
776 packet_t *packet;
777
778 response = message_create();
779 dst = request->get_source(request);
780 src = request->get_destination(request);
781 response->set_source(response, src->clone(src));
782 response->set_destination(response, dst->clone(dst));
783 response->set_exchange_type(response, request->get_exchange_type(request));
784 response->set_request(response, FALSE);
785 response->set_message_id(response, request->get_message_id(request));
786 response->set_ike_sa_id(response, this->ike_sa_id);
787 notify = notify_payload_create_from_protocol_and_type(PROTO_NONE, type);
788 response->add_payload(response, (payload_t *)notify);
789 if (response->generate(response, this->crypter_out, this->signer_out, &packet) != SUCCESS)
790 {
791 response->destroy(response);
792 return;
793 }
794 charon->send_queue->add(charon->send_queue, packet);
795 this->time.outbound = time(NULL);
796 response->destroy(response);
797 return;
798 }
799
800
801 /**
802 * Implementation of ike_sa_t.process_message.
803 */
804 static status_t process_message(private_ike_sa_t *this, message_t *message)
805 {
806 status_t status;
807 bool is_request;
808
809 is_request = message->get_request(message);
810
811 status = message->parse_body(message, this->crypter_in, this->signer_in);
812 if (status != SUCCESS)
813 {
814
815 if (is_request)
816 {
817 switch (status)
818 {
819 case NOT_SUPPORTED:
820 DBG1(DBG_IKE, "ciritcal unknown payloads found");
821 if (is_request)
822 {
823 send_notify_response(this, message, UNSUPPORTED_CRITICAL_PAYLOAD);
824 }
825 break;
826 case PARSE_ERROR:
827 DBG1(DBG_IKE, "message parsing failed");
828 if (is_request)
829 {
830 send_notify_response(this, message, INVALID_SYNTAX);
831 }
832 break;
833 case VERIFY_ERROR:
834 DBG1(DBG_IKE, "message verification failed");
835 if (is_request)
836 {
837 send_notify_response(this, message, INVALID_SYNTAX);
838 }
839 break;
840 case FAILED:
841 DBG1(DBG_IKE, "integrity check failed");
842 /* ignored */
843 break;
844 case INVALID_STATE:
845 DBG1(DBG_IKE, "found encrypted message, but no keys available");
846 if (is_request)
847 {
848 send_notify_response(this, message, INVALID_SYNTAX);
849 }
850 default:
851 break;
852 }
853 }
854 DBG1(DBG_IKE, "%N %s with message ID %d processing failed",
855 exchange_type_names, message->get_exchange_type(message),
856 message->get_request(message) ? "request" : "response",
857 message->get_message_id(message));
858 }
859 else
860 {
861 /* check if message is trustworthy, and update connection information */
862 if (this->state == IKE_CREATED ||
863 message->get_exchange_type(message) != IKE_SA_INIT)
864 {
865 update_hosts(this, message->get_destination(message),
866 message->get_source(message));
867 this->time.inbound = time(NULL);
868 }
869 if (is_request)
870 {
871 status = process_request(this, message);
872 }
873 else
874 {
875 status = process_response(this, message);
876 }
877 }
878 return status;
879 }
880
881 /**
882 * Implementation of ike_sa_t.initiate.
883 */
884 static status_t initiate(private_ike_sa_t *this,
885 connection_t *connection, policy_t *policy)
886 {
887 switch (this->state)
888 {
889 case IKE_CREATED:
890 {
891 /* in state CREATED, we must do the ike_sa_init
892 * and ike_auth transactions. Along with these,
893 * a CHILD_SA with the supplied policy is set up.
894 */
895 ike_sa_init_t *ike_sa_init;
896
897 DBG2(DBG_IKE, "initiating new IKE_SA for CHILD_SA");
898 DESTROY_IF(this->my_host);
899 this->my_host = connection->get_my_host(connection);
900 this->my_host = this->my_host->clone(this->my_host);
901 DESTROY_IF(this->other_host);
902 this->other_host = connection->get_other_host(connection);
903 this->other_host = this->other_host->clone(this->other_host);
904 this->retrans_sequences = connection->get_retrans_seq(connection);
905 this->dpd_delay = connection->get_dpd_delay(connection);
906
907 if (this->other_host->is_anyaddr(this->other_host))
908 {
909 SIG(IKE_UP_START, "establishing new IKE_SA for CHILD_SA");
910 SIG(IKE_UP_FAILED, "can not initiate a connection to %%any, aborting");
911 policy->destroy(policy);
912 connection->destroy(connection);
913 return DESTROY_ME;
914 }
915
916 this->message_id_out = 1;
917 ike_sa_init = ike_sa_init_create(&this->public);
918 ike_sa_init->set_config(ike_sa_init, connection, policy);
919 return queue_transaction(this, (transaction_t*)ike_sa_init, TRUE);
920 }
921 case IKE_DELETING:
922 case IKE_REKEYING:
923 {
924 /* if we are in DELETING/REKEYING, we deny set up of a policy.
925 * TODO: would it make sense to queue the transaction and adopt
926 * all transactions to the new IKE_SA? */
927 SIG(IKE_UP_START, "creating CHILD_SA in existing IKE_SA");
928 SIG(IKE_UP_FAILED, "creating CHILD_SA discarded, as IKE_SA is in state %N",
929 ike_sa_state_names, this->state);
930 policy->destroy(policy);
931 connection->destroy(connection);
932 return FAILED;
933 }
934 case IKE_CONNECTING:
935 case IKE_ESTABLISHED:
936 {
937 /* if we are ESTABLISHED or CONNECTING, we queue the
938 * transaction to create the CHILD_SA. It gets processed
939 * when the IKE_SA is ready to do so. We don't need the
940 * connection, as the IKE_SA is already established/establishing.
941 */
942 create_child_sa_t *create_child;
943
944 DBG1(DBG_IKE, "creating CHILD_SA in existing IKE_SA");
945 connection->destroy(connection);
946 create_child = create_child_sa_create(&this->public);
947 create_child->set_policy(create_child, policy);
948 return queue_transaction(this, (transaction_t*)create_child, FALSE);
949 }
950 }
951 return FAILED;
952 }
953
954 /**
955 * Implementation of ike_sa_t.acquire.
956 */
957 static status_t acquire(private_ike_sa_t *this, u_int32_t reqid)
958 {
959 connection_t *connection;
960 policy_t *policy;
961 iterator_t *iterator;
962 child_sa_t *current, *child_sa = NULL;
963 linked_list_t *my_ts, *other_ts;
964
965 if (this->state == IKE_DELETING)
966 {
967 SIG(CHILD_UP_START, "acquiring CHILD_SA on kernel request");
968 SIG(CHILD_UP_FAILED, "acquiring CHILD_SA (reqid %d) failed: "
969 "IKE_SA is deleting", reqid);
970 return FAILED;
971 }
972
973 /* find CHILD_SA */
974 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
975 while (iterator->iterate(iterator, (void**)&current))
976 {
977 if (current->get_reqid(current) == reqid)
978 {
979 child_sa = current;
980 break;
981 }
982 }
983 iterator->destroy(iterator);
984 if (!child_sa)
985 {
986 SIG(CHILD_UP_START, "acquiring CHILD_SA on kernel request");
987 SIG(CHILD_UP_FAILED, "acquiring CHILD_SA (reqid %d) failed: "
988 "CHILD_SA not found", reqid);
989 return FAILED;
990 }
991 my_ts = child_sa->get_my_traffic_selectors(child_sa);
992 other_ts = child_sa->get_other_traffic_selectors(child_sa);
993
994 policy = charon->policies->get_policy(charon->policies,
995 this->my_id, this->other_id,
996 my_ts, other_ts,
997 this->my_host, this->other_host,
998 NULL);
999 if (policy == NULL)
1000 {
1001 SIG(CHILD_UP_START, "acquiring CHILD_SA with reqid %d", reqid);
1002 SIG(CHILD_UP_FAILED, "acquiring CHILD_SA (reqid %d) failed: "
1003 "no policy found", reqid);
1004 return FAILED;
1005 }
1006
1007 switch (this->state)
1008 {
1009 case IKE_CREATED:
1010 {
1011 ike_sa_init_t *ike_sa_init;
1012
1013 connection = charon->connections->get_connection_by_hosts(
1014 charon->connections, this->my_host, this->other_host);
1015
1016 if (connection == NULL)
1017 {
1018 SIG(CHILD_UP_START, "acquiring CHILD_SA with reqid %d", reqid);
1019 SIG(CHILD_UP_FAILED, "acquiring CHILD_SA (reqid %d) failed: "
1020 "no connection found to establsih IKE_SA", reqid);
1021 policy->destroy(policy);
1022 return FAILED;
1023 }
1024
1025 DBG1(DBG_IKE, "establishing IKE_SA to acquire CHILD_SA "
1026 "with reqid %d", reqid);
1027
1028 this->message_id_out = 1;
1029 ike_sa_init = ike_sa_init_create(&this->public);
1030 ike_sa_init->set_config(ike_sa_init, connection, policy);
1031 /* reuse existing reqid */
1032 ike_sa_init->set_reqid(ike_sa_init, reqid);
1033 return queue_transaction(this, (transaction_t*)ike_sa_init, TRUE);
1034 }
1035 case IKE_CONNECTING:
1036 case IKE_ESTABLISHED:
1037 {
1038 create_child_sa_t *create_child;
1039
1040 DBG1(DBG_CHD, "acquiring CHILD_SA with reqid %d", reqid);
1041
1042 create_child = create_child_sa_create(&this->public);
1043 create_child->set_policy(create_child, policy);
1044 /* reuse existing reqid */
1045 create_child->set_reqid(create_child, reqid);
1046 return queue_transaction(this, (transaction_t*)create_child, FALSE);
1047 }
1048 default:
1049 break;
1050 }
1051 return FAILED;
1052 }
1053
1054 /**
1055 * compare two lists of traffic selectors for equality
1056 */
1057 static bool ts_list_equals(linked_list_t *l1, linked_list_t *l2)
1058 {
1059 bool equals = TRUE;
1060 iterator_t *i1, *i2;
1061 traffic_selector_t *t1, *t2;
1062
1063 if (l1->get_count(l1) != l2->get_count(l2))
1064 {
1065 return FALSE;
1066 }
1067
1068 i1 = l1->create_iterator(l1, TRUE);
1069 i2 = l2->create_iterator(l2, TRUE);
1070 while (i1->iterate(i1, (void**)&t1) && i2->iterate(i2, (void**)&t2))
1071 {
1072 if (!t1->equals(t1, t2))
1073 {
1074 equals = FALSE;
1075 break;
1076 }
1077 }
1078 i1->destroy(i1);
1079 i2->destroy(i2);
1080 return equals;
1081 }
1082
1083 /**
1084 * Implementation of ike_sa_t.route.
1085 */
1086 static status_t route(private_ike_sa_t *this, connection_t *connection, policy_t *policy)
1087 {
1088 child_sa_t *child_sa = NULL;
1089 iterator_t *iterator;
1090 linked_list_t *my_ts, *other_ts;
1091 status_t status;
1092
1093 SIG(CHILD_ROUTE_START, "routing CHILD_SA");
1094
1095 /* check if not already routed*/
1096 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1097 while (iterator->iterate(iterator, (void**)&child_sa))
1098 {
1099 if (child_sa->get_state(child_sa) == CHILD_ROUTED)
1100 {
1101 linked_list_t *my_ts_conf, *other_ts_conf;
1102
1103 my_ts = child_sa->get_my_traffic_selectors(child_sa);
1104 other_ts = child_sa->get_other_traffic_selectors(child_sa);
1105
1106 my_ts_conf = policy->get_my_traffic_selectors(policy, this->my_host);
1107 other_ts_conf = policy->get_other_traffic_selectors(policy, this->other_host);
1108
1109 if (ts_list_equals(my_ts, my_ts_conf) &&
1110 ts_list_equals(other_ts, other_ts_conf))
1111 {
1112 iterator->destroy(iterator);
1113 my_ts_conf->destroy_offset(my_ts_conf, offsetof(traffic_selector_t, destroy));
1114 other_ts_conf->destroy_offset(other_ts_conf, offsetof(traffic_selector_t, destroy));
1115 SIG(CHILD_ROUTE_FAILED, "CHILD_SA with such a policy already routed");
1116 return FAILED;
1117 }
1118 my_ts_conf->destroy_offset(my_ts_conf, offsetof(traffic_selector_t, destroy));
1119 other_ts_conf->destroy_offset(other_ts_conf, offsetof(traffic_selector_t, destroy));
1120 }
1121 }
1122 iterator->destroy(iterator);
1123
1124 switch (this->state)
1125 {
1126 case IKE_CREATED:
1127 case IKE_CONNECTING:
1128 /* we update IKE_SA information as good as possible,
1129 * this allows us to set up the SA later when an acquire comes in. */
1130 if (this->my_id->get_type(this->my_id) == ID_ANY)
1131 {
1132 this->my_id->destroy(this->my_id);
1133 this->my_id = policy->get_my_id(policy);
1134 this->my_id = this->my_id->clone(this->my_id);
1135 }
1136 if (this->other_id->get_type(this->other_id) == ID_ANY)
1137 {
1138 this->other_id->destroy(this->other_id);
1139 this->other_id = policy->get_other_id(policy);
1140 this->other_id = this->other_id->clone(this->other_id);
1141 }
1142 if (this->my_host->is_anyaddr(this->my_host))
1143 {
1144 this->my_host->destroy(this->my_host);
1145 this->my_host = connection->get_my_host(connection);
1146 this->my_host = this->my_host->clone(this->my_host);
1147 }
1148 if (this->other_host->is_anyaddr(this->other_host))
1149 {
1150 this->other_host->destroy(this->other_host);
1151 this->other_host = connection->get_other_host(connection);
1152 this->other_host = this->other_host->clone(this->other_host);
1153 }
1154 set_name(this, connection->get_name(connection));
1155 this->retrans_sequences = connection->get_retrans_seq(connection);
1156 this->dpd_delay = connection->get_dpd_delay(connection);
1157 break;
1158 case IKE_ESTABLISHED:
1159 case IKE_REKEYING:
1160 /* nothing to do. We allow it for rekeying, as it will be
1161 * adopted by the new IKE_SA */
1162 break;
1163 case IKE_DELETING:
1164 /* TODO: hanlde this case, create a new IKE_SA and route CHILD_SA */
1165 SIG(CHILD_ROUTE_FAILED, "unable to route CHILD_SA, as its IKE_SA gets deleted");
1166 return FAILED;
1167 }
1168
1169 child_sa = child_sa_create(0, this->my_host, this->other_host,
1170 this->my_id, this->other_id,
1171 0, 0,
1172 NULL, policy->get_hostaccess(policy),
1173 FALSE);
1174 child_sa->set_name(child_sa, policy->get_name(policy));
1175 my_ts = policy->get_my_traffic_selectors(policy, this->my_host);
1176 other_ts = policy->get_other_traffic_selectors(policy, this->other_host);
1177 status = child_sa->add_policies(child_sa, my_ts, other_ts);
1178 my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy));
1179 other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy));
1180 this->child_sas->insert_last(this->child_sas, child_sa);
1181 SIG(CHILD_ROUTE_SUCCESS, "CHILD_SA routed");
1182 return status;
1183 }
1184
1185 /**
1186 * Implementation of ike_sa_t.unroute.
1187 */
1188 static status_t unroute(private_ike_sa_t *this, policy_t *policy)
1189 {
1190 iterator_t *iterator;
1191 child_sa_t *child_sa = NULL;
1192 bool found = FALSE;
1193 linked_list_t *my_ts, *other_ts, *my_ts_conf, *other_ts_conf;
1194
1195 SIG(CHILD_UNROUTE_START, "unrouting CHILD_SA");
1196
1197 /* find CHILD_SA in ROUTED state */
1198 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1199 while (iterator->iterate(iterator, (void**)&child_sa))
1200 {
1201 if (child_sa->get_state(child_sa) == CHILD_ROUTED)
1202 {
1203 my_ts = child_sa->get_my_traffic_selectors(child_sa);
1204 other_ts = child_sa->get_other_traffic_selectors(child_sa);
1205
1206 my_ts_conf = policy->get_my_traffic_selectors(policy, this->my_host);
1207 other_ts_conf = policy->get_other_traffic_selectors(policy, this->other_host);
1208
1209 if (ts_list_equals(my_ts, my_ts_conf) &&
1210 ts_list_equals(other_ts, other_ts_conf))
1211 {
1212 iterator->remove(iterator);
1213 SIG(CHILD_UNROUTE_SUCCESS, "CHILD_SA unrouted");
1214 child_sa->destroy(child_sa);
1215 my_ts_conf->destroy_offset(my_ts_conf, offsetof(traffic_selector_t, destroy));
1216 other_ts_conf->destroy_offset(other_ts_conf, offsetof(traffic_selector_t, destroy));
1217 found = TRUE;
1218 break;
1219 }
1220 my_ts_conf->destroy_offset(my_ts_conf, offsetof(traffic_selector_t, destroy));
1221 other_ts_conf->destroy_offset(other_ts_conf, offsetof(traffic_selector_t, destroy));
1222 }
1223 }
1224 iterator->destroy(iterator);
1225
1226 if (!found)
1227 {
1228 SIG(CHILD_UNROUTE_FAILED, "CHILD_SA to unroute not found");
1229 return FAILED;
1230 }
1231 /* if we are not established, and we have no more routed childs, remove whole SA */
1232 if (this->state == IKE_CREATED &&
1233 this->child_sas->get_count(this->child_sas) == 0)
1234 {
1235 return DESTROY_ME;
1236 }
1237 return SUCCESS;
1238 }
1239
1240 /**
1241 * Implementation of ike_sa_t.send_dpd
1242 */
1243 static status_t send_dpd(private_ike_sa_t *this)
1244 {
1245 send_dpd_job_t *job;
1246 time_t diff;
1247
1248 if (this->dpd_delay == 0)
1249 {
1250 /* DPD disabled */
1251 return SUCCESS;
1252 }
1253
1254 if (this->transaction_out)
1255 {
1256 /* there is a transaction in progress. Come back later */
1257 diff = 0;
1258 }
1259 else
1260 {
1261 /* check if there was any inbound traffic */
1262 time_t last_in, now;
1263 last_in = get_time_inbound(this);
1264 now = time(NULL);
1265 diff = now - last_in;
1266 if (diff >= this->dpd_delay)
1267 {
1268 /* to long ago, initiate dead peer detection */
1269 dead_peer_detection_t *dpd;
1270 DBG1(DBG_IKE, "sending DPD request");
1271 dpd = dead_peer_detection_create(&this->public);
1272 queue_transaction(this, (transaction_t*)dpd, FALSE);
1273 diff = 0;
1274 }
1275 }
1276 /* recheck in "interval" seconds */
1277 job = send_dpd_job_create(this->ike_sa_id);
1278 charon->event_queue->add_relative(charon->event_queue, (job_t*)job,
1279 (this->dpd_delay - diff) * 1000);
1280 return SUCCESS;
1281 }
1282
1283 /**
1284 * Implementation of ike_sa_t.send_keepalive
1285 */
1286 static void send_keepalive(private_ike_sa_t *this)
1287 {
1288 send_keepalive_job_t *job;
1289 time_t last_out, now, diff, interval;
1290
1291 last_out = get_time_outbound(this);
1292 now = time(NULL);
1293
1294 diff = now - last_out;
1295 interval = charon->configuration->get_keepalive_interval(charon->configuration);
1296
1297 if (diff >= interval)
1298 {
1299 packet_t *packet;
1300 chunk_t data;
1301
1302 packet = packet_create();
1303 packet->set_source(packet, this->my_host->clone(this->my_host));
1304 packet->set_destination(packet, this->other_host->clone(this->other_host));
1305 data.ptr = malloc(1);
1306 data.ptr[0] = 0xFF;
1307 data.len = 1;
1308 packet->set_data(packet, data);
1309 charon->send_queue->add(charon->send_queue, packet);
1310 DBG1(DBG_IKE, "sending keep alive");
1311 diff = 0;
1312 }
1313 job = send_keepalive_job_create(this->ike_sa_id);
1314 charon->event_queue->add_relative(charon->event_queue, (job_t*)job,
1315 (interval - diff) * 1000);
1316 }
1317
1318 /**
1319 * Implementation of ike_sa_t.get_state.
1320 */
1321 static ike_sa_state_t get_state(private_ike_sa_t *this)
1322 {
1323 return this->state;
1324 }
1325
1326 /**
1327 * Implementation of ike_sa_t.set_state.
1328 */
1329 static void set_state(private_ike_sa_t *this, ike_sa_state_t state)
1330 {
1331 DBG1(DBG_IKE, "IKE_SA state change: %N => %N",
1332 ike_sa_state_names, this->state,
1333 ike_sa_state_names, state);
1334
1335 if (state == IKE_ESTABLISHED)
1336 {
1337 this->time.established = time(NULL);
1338 /* start DPD checks */
1339 send_dpd(this);
1340 }
1341
1342 this->state = state;
1343 }
1344
1345 /**
1346 * Implementation of ike_sa_t.get_prf.
1347 */
1348 static prf_t *get_prf(private_ike_sa_t *this)
1349 {
1350 return this->prf;
1351 }
1352
1353 /**
1354 * Implementation of ike_sa_t.get_prf.
1355 */
1356 static prf_t *get_child_prf(private_ike_sa_t *this)
1357 {
1358 return this->child_prf;
1359 }
1360
1361 /**
1362 * Implementation of ike_sa_t.get_auth_bild
1363 */
1364 static prf_t *get_auth_build(private_ike_sa_t *this)
1365 {
1366 return this->auth_build;
1367 }
1368
1369 /**
1370 * Implementation of ike_sa_t.get_auth_verify
1371 */
1372 static prf_t *get_auth_verify(private_ike_sa_t *this)
1373 {
1374 return this->auth_verify;
1375 }
1376
1377 /**
1378 * Implementation of ike_sa_t.get_id.
1379 */
1380 static ike_sa_id_t* get_id(private_ike_sa_t *this)
1381 {
1382 return this->ike_sa_id;
1383 }
1384
1385 /**
1386 * Implementation of ike_sa_t.get_my_id.
1387 */
1388 static identification_t* get_my_id(private_ike_sa_t *this)
1389 {
1390 return this->my_id;
1391 }
1392
1393 /**
1394 * Implementation of ike_sa_t.set_my_id.
1395 */
1396 static void set_my_id(private_ike_sa_t *this, identification_t *me)
1397 {
1398 DESTROY_IF(this->my_id);
1399 this->my_id = me;
1400 }
1401
1402 /**
1403 * Implementation of ike_sa_t.get_other_id.
1404 */
1405 static identification_t* get_other_id(private_ike_sa_t *this)
1406 {
1407 return this->other_id;
1408 }
1409
1410 /**
1411 * Implementation of ike_sa_t.set_other_id.
1412 */
1413 static void set_other_id(private_ike_sa_t *this, identification_t *other)
1414 {
1415 DESTROY_IF(this->other_id);
1416 this->other_id = other;
1417 }
1418
1419 /**
1420 * Implementation of ike_sa_t.derive_keys.
1421 */
1422 static status_t derive_keys(private_ike_sa_t *this,
1423 proposal_t *proposal, diffie_hellman_t *dh,
1424 chunk_t nonce_i, chunk_t nonce_r,
1425 bool initiator, prf_t *child_prf, prf_t *old_prf)
1426 {
1427 prf_plus_t *prf_plus;
1428 chunk_t skeyseed, secret, key, nonces, prf_plus_seed;
1429 algorithm_t *algo;
1430 size_t key_size;
1431 crypter_t *crypter_i, *crypter_r;
1432 signer_t *signer_i, *signer_r;
1433 prf_t *prf_i, *prf_r;
1434 u_int8_t spi_i_buf[sizeof(u_int64_t)], spi_r_buf[sizeof(u_int64_t)];
1435 chunk_t spi_i = chunk_from_buf(spi_i_buf);
1436 chunk_t spi_r = chunk_from_buf(spi_r_buf);
1437
1438 /* Create SAs general purpose PRF first, we may use it here */
1439 if (!proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo))
1440 {
1441 DBG1(DBG_IKE, "key derivation failed: no PSEUDO_RANDOM_FUNCTION");;
1442 return FAILED;
1443 }
1444 this->prf = prf_create(algo->algorithm);
1445 if (this->prf == NULL)
1446 {
1447 DBG1(DBG_IKE, "key derivation failed: PSEUDO_RANDOM_FUNCTION "
1448 "%N not supported!", pseudo_random_function_names, algo->algorithm);
1449 return FAILED;
1450 }
1451
1452 dh->get_shared_secret(dh, &secret);
1453 DBG4(DBG_IKE, "shared Diffie Hellman secret %B", &secret);
1454 nonces = chunk_cat("cc", nonce_i, nonce_r);
1455 *((u_int64_t*)spi_i.ptr) = this->ike_sa_id->get_initiator_spi(this->ike_sa_id);
1456 *((u_int64_t*)spi_r.ptr) = this->ike_sa_id->get_responder_spi(this->ike_sa_id);
1457 prf_plus_seed = chunk_cat("ccc", nonces, spi_i, spi_r);
1458
1459 /* KEYMAT = prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr)
1460 *
1461 * if we are rekeying, SKEYSEED is built on another way
1462 */
1463 if (child_prf == NULL) /* not rekeying */
1464 {
1465 /* SKEYSEED = prf(Ni | Nr, g^ir) */
1466 this->prf->set_key(this->prf, nonces);
1467 this->prf->allocate_bytes(this->prf, secret, &skeyseed);
1468 DBG4(DBG_IKE, "SKEYSEED %B", &skeyseed);
1469 this->prf->set_key(this->prf, skeyseed);
1470 chunk_free(&skeyseed);
1471 chunk_free(&secret);
1472 prf_plus = prf_plus_create(this->prf, prf_plus_seed);
1473 }
1474 else
1475 {
1476 /* SKEYSEED = prf(SK_d (old), [g^ir (new)] | Ni | Nr)
1477 * use OLD SAs PRF functions for both prf_plus and prf */
1478 secret = chunk_cat("mc", secret, nonces);
1479 child_prf->allocate_bytes(child_prf, secret, &skeyseed);
1480 DBG4(DBG_IKE, "SKEYSEED %B", &skeyseed);
1481 old_prf->set_key(old_prf, skeyseed);
1482 chunk_free(&skeyseed);
1483 chunk_free(&secret);
1484 prf_plus = prf_plus_create(old_prf, prf_plus_seed);
1485 }
1486 chunk_free(&nonces);
1487 chunk_free(&prf_plus_seed);
1488
1489 /* KEYMAT = SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr */
1490
1491 /* SK_d is used for generating CHILD_SA key mat => child_prf */
1492 proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo);
1493 this->child_prf = prf_create(algo->algorithm);
1494 key_size = this->child_prf->get_key_size(this->child_prf);
1495 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1496 DBG4(DBG_IKE, "Sk_d secret %B", &key);
1497 this->child_prf->set_key(this->child_prf, key);
1498 chunk_free(&key);
1499
1500 /* SK_ai/SK_ar used for integrity protection => signer_in/signer_out */
1501 if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &algo))
1502 {
1503 DBG1(DBG_IKE, "key derivation failed: no INTEGRITY_ALGORITHM");
1504 return FAILED;
1505 }
1506 signer_i = signer_create(algo->algorithm);
1507 signer_r = signer_create(algo->algorithm);
1508 if (signer_i == NULL || signer_r == NULL)
1509 {
1510 DBG1(DBG_IKE, "key derivation failed: INTEGRITY_ALGORITHM "
1511 "%N not supported!", integrity_algorithm_names ,algo->algorithm);
1512 return FAILED;
1513 }
1514 key_size = signer_i->get_key_size(signer_i);
1515
1516 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1517 DBG4(DBG_IKE, "Sk_ai secret %B", &key);
1518 signer_i->set_key(signer_i, key);
1519 chunk_free(&key);
1520
1521 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1522 DBG4(DBG_IKE, "Sk_ar secret %B", &key);
1523 signer_r->set_key(signer_r, key);
1524 chunk_free(&key);
1525
1526 if (initiator)
1527 {
1528 this->signer_in = signer_r;
1529 this->signer_out = signer_i;
1530 }
1531 else
1532 {
1533 this->signer_in = signer_i;
1534 this->signer_out = signer_r;
1535 }
1536
1537 /* SK_ei/SK_er used for encryption => crypter_in/crypter_out */
1538 if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &algo))
1539 {
1540 DBG1(DBG_IKE, "key derivation failed: no ENCRYPTION_ALGORITHM");
1541 return FAILED;
1542 }
1543 crypter_i = crypter_create(algo->algorithm, algo->key_size / 8);
1544 crypter_r = crypter_create(algo->algorithm, algo->key_size / 8);
1545 if (crypter_i == NULL || crypter_r == NULL)
1546 {
1547 DBG1(DBG_IKE, "key derivation failed: ENCRYPTION_ALGORITHM "
1548 "%N (key size %d) not supported!",
1549 encryption_algorithm_names, algo->algorithm, algo->key_size);
1550 return FAILED;
1551 }
1552 key_size = crypter_i->get_key_size(crypter_i);
1553
1554 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1555 DBG4(DBG_IKE, "Sk_ei secret %B", &key);
1556 crypter_i->set_key(crypter_i, key);
1557 chunk_free(&key);
1558
1559 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1560 DBG4(DBG_IKE, "Sk_er secret %B", &key);
1561 crypter_r->set_key(crypter_r, key);
1562 chunk_free(&key);
1563
1564 if (initiator)
1565 {
1566 this->crypter_in = crypter_r;
1567 this->crypter_out = crypter_i;
1568 }
1569 else
1570 {
1571 this->crypter_in = crypter_i;
1572 this->crypter_out = crypter_r;
1573 }
1574
1575 /* SK_pi/SK_pr used for authentication => prf_auth_i, prf_auth_r */
1576 proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo);
1577 prf_i = prf_create(algo->algorithm);
1578 prf_r = prf_create(algo->algorithm);
1579
1580 key_size = prf_i->get_key_size(prf_i);
1581 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1582 DBG4(DBG_IKE, "Sk_pi secret %B", &key);
1583 prf_i->set_key(prf_i, key);
1584 chunk_free(&key);
1585
1586 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1587 DBG4(DBG_IKE, "Sk_pr secret %B", &key);
1588 prf_r->set_key(prf_r, key);
1589 chunk_free(&key);
1590
1591 if (initiator)
1592 {
1593 this->auth_verify = prf_r;
1594 this->auth_build = prf_i;
1595 }
1596 else
1597 {
1598 this->auth_verify = prf_i;
1599 this->auth_build = prf_r;
1600 }
1601
1602 /* all done, prf_plus not needed anymore */
1603 prf_plus->destroy(prf_plus);
1604
1605 return SUCCESS;
1606 }
1607
1608 /**
1609 * Implementation of ike_sa_t.add_child_sa.
1610 */
1611 static void add_child_sa(private_ike_sa_t *this, child_sa_t *child_sa)
1612 {
1613 this->child_sas->insert_last(this->child_sas, child_sa);
1614 }
1615
1616 /**
1617 * Implementation of ike_sa_t.has_child_sa.
1618 */
1619 static bool has_child_sa(private_ike_sa_t *this, u_int32_t reqid)
1620 {
1621 iterator_t *iterator;
1622 child_sa_t *current;
1623 bool found = FALSE;
1624
1625 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1626 while (iterator->iterate(iterator, (void**)&current))
1627 {
1628 if (current->get_reqid(current) == reqid)
1629 {
1630 found = TRUE;
1631 break;
1632 }
1633 }
1634 iterator->destroy(iterator);
1635 return found;
1636 }
1637
1638 /**
1639 * Implementation of ike_sa_t.get_child_sa.
1640 */
1641 static child_sa_t* get_child_sa(private_ike_sa_t *this, protocol_id_t protocol,
1642 u_int32_t spi, bool inbound)
1643 {
1644 iterator_t *iterator;
1645 child_sa_t *current, *found = NULL;
1646
1647 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1648 while (iterator->iterate(iterator, (void**)&current))
1649 {;
1650 if (current->get_spi(current, inbound) == spi &&
1651 current->get_protocol(current) == protocol)
1652 {
1653 found = current;
1654 }
1655 }
1656 iterator->destroy(iterator);
1657 return found;
1658 }
1659
1660 /**
1661 * Implementation of ike_sa_t.create_child_sa_iterator.
1662 */
1663 static iterator_t* create_child_sa_iterator(private_ike_sa_t *this)
1664 {
1665 return this->child_sas->create_iterator(this->child_sas, TRUE);
1666 }
1667
1668 /**
1669 * Implementation of ike_sa_t.rekey_child_sa.
1670 */
1671 static status_t rekey_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
1672 {
1673 create_child_sa_t *rekey;
1674 child_sa_t *child_sa;
1675
1676 child_sa = get_child_sa(this, protocol, spi, TRUE);
1677 if (child_sa == NULL)
1678 {
1679 return NOT_FOUND;
1680 }
1681
1682 rekey = create_child_sa_create(&this->public);
1683 rekey->rekeys_child(rekey, child_sa);
1684 return queue_transaction(this, (transaction_t*)rekey, FALSE);
1685 }
1686
1687 /**
1688 * Implementation of ike_sa_t.delete_child_sa.
1689 */
1690 static status_t delete_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
1691 {
1692 delete_child_sa_t *del;
1693 child_sa_t *child_sa;
1694
1695 child_sa = get_child_sa(this, protocol, spi, TRUE);
1696 if (child_sa == NULL)
1697 {
1698 return NOT_FOUND;
1699 }
1700
1701 del = delete_child_sa_create(&this->public);
1702 del->set_child_sa(del, child_sa);
1703 return queue_transaction(this, (transaction_t*)del, FALSE);
1704 }
1705
1706 /**
1707 * Implementation of ike_sa_t.destroy_child_sa.
1708 */
1709 static status_t destroy_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
1710 {
1711 iterator_t *iterator;
1712 child_sa_t *child_sa;
1713 status_t status = NOT_FOUND;
1714
1715 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1716 while (iterator->iterate(iterator, (void**)&child_sa))
1717 {
1718 if (child_sa->get_protocol(child_sa) == protocol &&
1719 child_sa->get_spi(child_sa, TRUE) == spi)
1720 {
1721 child_sa->destroy(child_sa);
1722 iterator->remove(iterator);
1723 status = SUCCESS;
1724 break;
1725 }
1726 }
1727 iterator->destroy(iterator);
1728 return status;
1729 }
1730
1731 /**
1732 * Implementation of ike_sa_t.set_lifetimes.
1733 */
1734 static void set_lifetimes(private_ike_sa_t *this,
1735 u_int32_t soft_lifetime, u_int32_t hard_lifetime)
1736 {
1737 job_t *job;
1738
1739 if (soft_lifetime)
1740 {
1741 this->time.rekey = this->time.established + soft_lifetime;
1742 job = (job_t*)rekey_ike_sa_job_create(this->ike_sa_id);
1743 charon->event_queue->add_relative(charon->event_queue, job,
1744 soft_lifetime * 1000);
1745 }
1746
1747 if (hard_lifetime)
1748 {
1749 this->time.delete = this->time.established + hard_lifetime;
1750 job = (job_t*)delete_ike_sa_job_create(this->ike_sa_id, TRUE);
1751 charon->event_queue->add_relative(charon->event_queue, job,
1752 hard_lifetime * 1000);
1753 }
1754 }
1755
1756 /**
1757 * Implementation of ike_sa_t.rekey.
1758 */
1759 static status_t rekey(private_ike_sa_t *this)
1760 {
1761 rekey_ike_sa_t *rekey_ike_sa;
1762
1763 DBG1(DBG_IKE, "rekeying IKE_SA between %H[%D]..%H[%D]",
1764 this->my_host, this->my_id, this->other_host, this->other_id);
1765
1766 if (this->state != IKE_ESTABLISHED)
1767 {
1768 SIG(IKE_REKEY_START, "rekeying IKE_SA");
1769 SIG(IKE_REKEY_FAILED, "unable to rekey IKE_SA in state %N",
1770 ike_sa_state_names, this->state);
1771 return FAILED;
1772 }
1773
1774 rekey_ike_sa = rekey_ike_sa_create(&this->public);
1775 return queue_transaction(this, (transaction_t*)rekey_ike_sa, FALSE);
1776 }
1777
1778 /**
1779 * Implementation of ike_sa_t.get_rekeying_transaction.
1780 */
1781 static transaction_t* get_rekeying_transaction(private_ike_sa_t *this)
1782 {
1783 return this->rekeying_transaction;
1784 }
1785
1786 /**
1787 * Implementation of ike_sa_t.set_rekeying_transaction.
1788 */
1789 static void set_rekeying_transaction(private_ike_sa_t *this, transaction_t *rekey)
1790 {
1791 this->rekeying_transaction = rekey;
1792 }
1793
1794 /**
1795 * Implementation of ike_sa_t.adopt_children.
1796 */
1797 static void adopt_children(private_ike_sa_t *this, private_ike_sa_t *other)
1798 {
1799 child_sa_t *child_sa;
1800
1801 while (other->child_sas->remove_last(other->child_sas,
1802 (void**)&child_sa) == SUCCESS)
1803 {
1804 this->child_sas->insert_first(this->child_sas, (void*)child_sa);
1805 }
1806 }
1807
1808 /**
1809 * Implementation of public_ike_sa_t.delete.
1810 */
1811 static status_t delete_(private_ike_sa_t *this)
1812 {
1813 switch (this->state)
1814 {
1815 case IKE_CONNECTING:
1816 {
1817 /* this may happen if a half open IKE_SA gets closed after a
1818 * timeout. We signal here UP_FAILED to complete the SIG schema */
1819 SIG(IKE_UP_FAILED, "half open IKE_SA deleted after timeout");
1820 return DESTROY_ME;
1821 }
1822 case IKE_ESTABLISHED:
1823 {
1824 delete_ike_sa_t *delete_ike_sa;
1825 if (this->transaction_out)
1826 {
1827 /* already a transaction in progress. As this may hang
1828 * around a while, we don't inform the other peer. */
1829 return DESTROY_ME;
1830 }
1831 delete_ike_sa = delete_ike_sa_create(&this->public);
1832 return queue_transaction(this, (transaction_t*)delete_ike_sa, FALSE);
1833 }
1834 case IKE_CREATED:
1835 case IKE_DELETING:
1836 default:
1837 {
1838 SIG(IKE_DOWN_START, "closing IKE_SA");
1839 SIG(IKE_DOWN_SUCCESS, "IKE_SA closed between %H[%D]...%H[%D]",
1840 this->my_host, this->my_id, this->other_host, this->other_id);
1841 return DESTROY_ME;
1842 }
1843 }
1844 }
1845
1846 /**
1847 * Implementation of ike_sa_t.get_next_message_id.
1848 */
1849 static u_int32_t get_next_message_id (private_ike_sa_t *this)
1850 {
1851 return this->message_id_out++;
1852 }
1853
1854 /**
1855 * Implementation of ike_sa_t.is_natt_enabled.
1856 */
1857 static bool is_natt_enabled(private_ike_sa_t *this)
1858 {
1859 return this->nat_here || this->nat_there;
1860 }
1861
1862 /**
1863 * Implementation of ike_sa_t.enable_natt.
1864 */
1865 static void enable_natt(private_ike_sa_t *this, bool local)
1866 {
1867 if (local)
1868 {
1869 DBG1(DBG_IKE, "local host is behind NAT, using NAT-T, "
1870 "scheduled keep alives");
1871 this->nat_here = TRUE;
1872 send_keepalive(this);
1873 }
1874 else
1875 {
1876 DBG1(DBG_IKE, "remote host is behind NAT, using NAT-T");
1877 this->nat_there = TRUE;
1878 }
1879 }
1880
1881 /**
1882 * output handler in printf()
1883 */
1884 static int print(FILE *stream, const struct printf_info *info,
1885 const void *const *args)
1886 {
1887 private_ike_sa_t *this = *((private_ike_sa_t**)(args[0]));
1888
1889 if (this == NULL)
1890 {
1891 return fprintf(stream, "(null)");
1892 }
1893
1894 return fprintf(stream, "%10s: %N, %H[%D]...%H[%D] (%J)",
1895 this->name, ike_sa_state_names, this->state,
1896 this->my_host, this->my_id, this->other_host, this->other_id,
1897 this->ike_sa_id);
1898 }
1899
1900 /**
1901 * arginfo handler in printf()
1902 */
1903 static int print_arginfo(const struct printf_info *info, size_t n, int *argtypes)
1904 {
1905 if (n > 0)
1906 {
1907 argtypes[0] = PA_POINTER;
1908 }
1909 return 1;
1910 }
1911
1912 /**
1913 * register printf() handlers
1914 */
1915 static void __attribute__ ((constructor))print_register()
1916 {
1917 register_printf_function(IKE_SA_PRINTF_SPEC, print, print_arginfo);
1918 }
1919
1920 /**
1921 * Implementation of ike_sa_t.destroy.
1922 */
1923 static void destroy(private_ike_sa_t *this)
1924 {
1925 this->child_sas->destroy_offset(this->child_sas, offsetof(child_sa_t, destroy));
1926 this->transaction_queue->destroy_offset(this->transaction_queue, offsetof(transaction_t, destroy));
1927
1928 DESTROY_IF(this->transaction_in);
1929 DESTROY_IF(this->transaction_in_next);
1930 DESTROY_IF(this->transaction_out);
1931 DESTROY_IF(this->crypter_in);
1932 DESTROY_IF(this->crypter_out);
1933 DESTROY_IF(this->signer_in);
1934 DESTROY_IF(this->signer_out);
1935 DESTROY_IF(this->prf);
1936 DESTROY_IF(this->child_prf);
1937 DESTROY_IF(this->auth_verify);
1938 DESTROY_IF(this->auth_build);
1939
1940 DESTROY_IF(this->my_host);
1941 DESTROY_IF(this->other_host);
1942 DESTROY_IF(this->my_id);
1943 DESTROY_IF(this->other_id);
1944
1945 free(this->name);
1946 this->ike_sa_id->destroy(this->ike_sa_id);
1947 free(this);
1948 }
1949
1950 /*
1951 * Described in header.
1952 */
1953 ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
1954 {
1955 private_ike_sa_t *this = malloc_thing(private_ike_sa_t);
1956
1957 /* Public functions */
1958 this->public.get_state = (ike_sa_state_t(*)(ike_sa_t*)) get_state;
1959 this->public.set_state = (void(*)(ike_sa_t*,ike_sa_state_t)) set_state;
1960 this->public.get_name = (char*(*)(ike_sa_t*))get_name;
1961 this->public.set_name = (void(*)(ike_sa_t*,char*))set_name;
1962 this->public.process_message = (status_t(*)(ike_sa_t*, message_t*)) process_message;
1963 this->public.initiate = (status_t(*)(ike_sa_t*,connection_t*,policy_t*)) initiate;
1964 this->public.route = (status_t(*)(ike_sa_t*,connection_t*,policy_t*)) route;
1965 this->public.unroute = (status_t(*)(ike_sa_t*,policy_t*)) unroute;
1966 this->public.acquire = (status_t(*)(ike_sa_t*,u_int32_t)) acquire;
1967 this->public.get_id = (ike_sa_id_t*(*)(ike_sa_t*)) get_id;
1968 this->public.get_my_host = (host_t*(*)(ike_sa_t*)) get_my_host;
1969 this->public.set_my_host = (void(*)(ike_sa_t*,host_t*)) set_my_host;
1970 this->public.get_other_host = (host_t*(*)(ike_sa_t*)) get_other_host;
1971 this->public.set_other_host = (void(*)(ike_sa_t*,host_t*)) set_other_host;
1972 this->public.get_my_id = (identification_t*(*)(ike_sa_t*)) get_my_id;
1973 this->public.set_my_id = (void(*)(ike_sa_t*,identification_t*)) set_my_id;
1974 this->public.get_other_id = (identification_t*(*)(ike_sa_t*)) get_other_id;
1975 this->public.set_other_id = (void(*)(ike_sa_t*,identification_t*)) set_other_id;
1976 this->public.get_next_message_id = (u_int32_t(*)(ike_sa_t*)) get_next_message_id;
1977 this->public.retransmit_request = (status_t (*) (ike_sa_t *, u_int32_t)) retransmit_request;
1978 this->public.delete = (status_t(*)(ike_sa_t*))delete_;
1979 this->public.destroy = (void(*)(ike_sa_t*))destroy;
1980 this->public.send_dpd = (status_t (*)(ike_sa_t*)) send_dpd;
1981 this->public.send_keepalive = (void (*)(ike_sa_t*)) send_keepalive;
1982 this->public.get_prf = (prf_t *(*) (ike_sa_t *)) get_prf;
1983 this->public.get_child_prf = (prf_t *(*) (ike_sa_t *)) get_child_prf;
1984 this->public.get_auth_verify = (prf_t *(*) (ike_sa_t *)) get_auth_verify;
1985 this->public.get_auth_build = (prf_t *(*) (ike_sa_t *)) get_auth_build;
1986 this->public.derive_keys = (status_t (*) (ike_sa_t *,proposal_t*,diffie_hellman_t*,chunk_t,chunk_t,bool,prf_t*,prf_t*)) derive_keys;
1987 this->public.add_child_sa = (void (*) (ike_sa_t*,child_sa_t*)) add_child_sa;
1988 this->public.has_child_sa = (bool(*)(ike_sa_t*,u_int32_t)) has_child_sa;
1989 this->public.get_child_sa = (child_sa_t* (*)(ike_sa_t*,protocol_id_t,u_int32_t,bool)) get_child_sa;
1990 this->public.create_child_sa_iterator = (iterator_t* (*)(ike_sa_t*)) create_child_sa_iterator;
1991 this->public.rekey_child_sa = (status_t(*)(ike_sa_t*,protocol_id_t,u_int32_t)) rekey_child_sa;
1992 this->public.delete_child_sa = (status_t(*)(ike_sa_t*,protocol_id_t,u_int32_t)) delete_child_sa;
1993 this->public.destroy_child_sa = (status_t (*)(ike_sa_t*,protocol_id_t,u_int32_t))destroy_child_sa;
1994 this->public.enable_natt = (void(*)(ike_sa_t*, bool)) enable_natt;
1995 this->public.is_natt_enabled = (bool(*)(ike_sa_t*)) is_natt_enabled;
1996 this->public.set_lifetimes = (void(*)(ike_sa_t*,u_int32_t,u_int32_t))set_lifetimes;
1997 this->public.apply_connection = (void(*)(ike_sa_t*,connection_t*))apply_connection;
1998 this->public.rekey = (status_t(*)(ike_sa_t*))rekey;
1999 this->public.get_rekeying_transaction = (transaction_t*(*)(ike_sa_t*))get_rekeying_transaction;
2000 this->public.set_rekeying_transaction = (void(*)(ike_sa_t*,transaction_t*))set_rekeying_transaction;
2001 this->public.adopt_children = (void(*)(ike_sa_t*,ike_sa_t*))adopt_children;
2002
2003 /* initialize private fields */
2004 this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
2005 this->name = strdup("(uninitialized)");
2006 this->child_sas = linked_list_create();
2007 this->my_host = host_create_from_string("0.0.0.0", 0);
2008 this->other_host = host_create_from_string("0.0.0.0", 0);
2009 this->my_id = identification_create_from_encoding(ID_ANY, CHUNK_INITIALIZER);
2010 this->other_id = identification_create_from_encoding(ID_ANY, CHUNK_INITIALIZER);
2011 this->crypter_in = NULL;
2012 this->crypter_out = NULL;
2013 this->signer_in = NULL;
2014 this->signer_out = NULL;
2015 this->prf = NULL;
2016 this->auth_verify = NULL;
2017 this->auth_build = NULL;
2018 this->child_prf = NULL;
2019 this->nat_here = FALSE;
2020 this->nat_there = FALSE;
2021 this->transaction_queue = linked_list_create();
2022 this->transaction_in = NULL;
2023 this->transaction_in_next = NULL;
2024 this->transaction_out = NULL;
2025 this->rekeying_transaction = NULL;
2026 this->state = IKE_CREATED;
2027 this->message_id_out = 0;
2028 /* set to NOW, as when we rekey an existing IKE_SA no message is exchanged
2029 * and inbound therefore uninitialized */
2030 this->time.inbound = this->time.outbound = time(NULL);
2031 this->time.established = 0;
2032 this->time.rekey = 0;
2033 this->time.delete = 0;
2034 this->dpd_delay = 0;
2035 this->retrans_sequences = 0;
2036
2037 return &this->public;
2038 }