60266a51f0bcb1fd1c55f1fccdd95e63dab999fe
[strongswan.git] / src / charon / sa / ike_sa.c
1 /**
2 * @file ike_sa.c
3 *
4 * @brief Implementation of ike_sa_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
10 * Copyright (C) 2005-2006 Martin Willi
11 * Copyright (C) 2005 Jan Hutter
12 * Hochschule fuer Technik Rapperswil
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 */
24
25 #include <sys/time.h>
26 #include <string.h>
27 #include <printf.h>
28
29 #include "ike_sa.h"
30
31 #include <library.h>
32 #include <daemon.h>
33 #include <utils/linked_list.h>
34 #include <crypto/diffie_hellman.h>
35 #include <crypto/prf_plus.h>
36 #include <crypto/crypters/crypter.h>
37 #include <crypto/hashers/hasher.h>
38 #include <encoding/payloads/sa_payload.h>
39 #include <encoding/payloads/nonce_payload.h>
40 #include <encoding/payloads/ke_payload.h>
41 #include <encoding/payloads/delete_payload.h>
42 #include <encoding/payloads/transform_substructure.h>
43 #include <encoding/payloads/transform_attribute.h>
44 #include <encoding/payloads/ts_payload.h>
45 #include <sa/transactions/transaction.h>
46 #include <sa/transactions/ike_sa_init.h>
47 #include <sa/transactions/delete_ike_sa.h>
48 #include <sa/transactions/create_child_sa.h>
49 #include <sa/transactions/delete_child_sa.h>
50 #include <sa/transactions/dead_peer_detection.h>
51 #include <sa/transactions/rekey_ike_sa.h>
52 #include <queues/jobs/retransmit_request_job.h>
53 #include <queues/jobs/delete_ike_sa_job.h>
54 #include <queues/jobs/send_dpd_job.h>
55 #include <queues/jobs/send_keepalive_job.h>
56 #include <queues/jobs/rekey_ike_sa_job.h>
57 #include <queues/jobs/route_job.h>
58 #include <queues/jobs/initiate_job.h>
59
60 ENUM(ike_sa_state_names, IKE_CREATED, IKE_DELETING,
61 "CREATED",
62 "CONNECTING",
63 "ESTABLISHED",
64 "REKEYING",
65 "DELETING",
66 );
67
68 typedef struct private_ike_sa_t private_ike_sa_t;
69
70 /**
71 * Private data of an ike_sa_t object.
72 */
73 struct private_ike_sa_t {
74
75 /**
76 * Public members
77 */
78 ike_sa_t public;
79
80 /**
81 * Identifier for the current IKE_SA.
82 */
83 ike_sa_id_t *ike_sa_id;
84
85 /**
86 * Current state of the IKE_SA
87 */
88 ike_sa_state_t state;
89
90 /**
91 * Name of the connection used by this IKE_SA
92 */
93 char *name;
94
95 /**
96 * Address of local host
97 */
98 host_t *my_host;
99
100 /**
101 * Address of remote host
102 */
103 host_t *other_host;
104
105 /**
106 * Identification used for us
107 */
108 identification_t *my_id;
109
110 /**
111 * Identification used for other
112 */
113 identification_t *other_id;
114
115 /**
116 * Linked List containing the child sa's of the current IKE_SA.
117 */
118 linked_list_t *child_sas;
119
120 /**
121 * crypter for inbound traffic
122 */
123 crypter_t *crypter_in;
124
125 /**
126 * crypter for outbound traffic
127 */
128 crypter_t *crypter_out;
129
130 /**
131 * Signer for inbound traffic
132 */
133 signer_t *signer_in;
134
135 /**
136 * Signer for outbound traffic
137 */
138 signer_t *signer_out;
139
140 /**
141 * Multi purpose prf, set key, use it, forget it
142 */
143 prf_t *prf;
144
145 /**
146 * Prf function for derivating keymat child SAs
147 */
148 prf_t *child_prf;
149
150 /**
151 * PRF to build outging authentication data
152 */
153 prf_t *auth_build;
154
155 /**
156 * PRF to verify incoming authentication data
157 */
158 prf_t *auth_verify;
159
160 /**
161 * NAT hasher.
162 */
163 hasher_t *nat_hasher;
164
165 /**
166 * NAT status of local host.
167 */
168 bool nat_here;
169
170 /**
171 * NAT status of remote host.
172 */
173 bool nat_there;
174
175 /**
176 * message ID for next outgoung request
177 */
178 u_int32_t message_id_out;
179
180 /**
181 * Timestamps for this IKE_SA
182 */
183 struct {
184 /** last IKE message received */
185 u_int32_t inbound;
186 /** last IKE message sent */
187 u_int32_t outbound;
188 /** when IKE_SA became established */
189 u_int32_t established;
190 /** when IKE_SA gets rekeyed */
191 u_int32_t rekey;
192 /** when IKE_SA gets deleted */
193 u_int32_t delete;
194 } time;
195
196 /**
197 * interval to send DPD liveness check
198 */
199 time_t dpd_delay;
200
201 /**
202 * number of retransmit sequences to go through before giving up (keyingtries)
203 */
204 u_int32_t retrans_sequences;
205
206 /**
207 * List of queued transactions to process
208 */
209 linked_list_t *transaction_queue;
210
211 /**
212 * Transaction currently initiated
213 * (only one supported yet, window size = 1)
214 */
215 transaction_t *transaction_out;
216
217 /**
218 * last transaction initiated by peer processed.
219 * (only one supported yet, window size = 1)
220 * Stored for retransmission.
221 */
222 transaction_t *transaction_in;
223
224 /**
225 * Next incoming transaction expected. Used to
226 * do multi transaction operations.
227 */
228 transaction_t *transaction_in_next;
229
230 /**
231 * Transaction which rekeys this IKE_SA, used do detect simultaneus rekeying
232 */
233 transaction_t *rekeying_transaction;
234 };
235
236 /**
237 * get the time of the latest traffic processed by the kernel
238 */
239 static time_t get_kernel_time(private_ike_sa_t* this, bool inbound)
240 {
241 iterator_t *iterator;
242 child_sa_t *child_sa;
243 time_t latest = 0, use_time;
244
245 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
246 while (iterator->iterate(iterator, (void**)&child_sa))
247 {
248 if (child_sa->get_use_time(child_sa, inbound, &use_time) == SUCCESS)
249 {
250 latest = max(latest, use_time);
251 }
252 }
253 iterator->destroy(iterator);
254
255 return latest;
256 }
257
258 /**
259 * get the time of the latest received traffice
260 */
261 static time_t get_time_inbound(private_ike_sa_t *this)
262 {
263 return max(this->time.inbound, get_kernel_time(this, TRUE));
264 }
265
266 /**
267 * get the time of the latest sent traffic
268 */
269 static time_t get_time_outbound(private_ike_sa_t *this)
270 {
271 return max(this->time.outbound, get_kernel_time(this, FALSE));
272 }
273
274 /**
275 * Implementation of ike_sa_t.get_name.
276 */
277 static char *get_name(private_ike_sa_t *this)
278 {
279 return this->name;
280 }
281
282 /**
283 * Implementation of ike_sa_t.set_name.
284 */
285 static void set_name(private_ike_sa_t *this, char* name)
286 {
287 free(this->name);
288 this->name = strdup(name);
289 }
290
291 /**
292 * Implementation of ike_sa_t.apply_connection.
293 */
294 static void apply_connection(private_ike_sa_t *this, connection_t *connection)
295 {
296 this->dpd_delay = connection->get_dpd_delay(connection);
297 this->retrans_sequences = connection->get_retrans_seq(connection);
298 }
299
300 /**
301 * Implementation of ike_sa_t.get_my_host.
302 */
303 static host_t *get_my_host(private_ike_sa_t *this)
304 {
305 return this->my_host;
306 }
307
308 /**
309 * Implementation of ike_sa_t.set_my_host.
310 */
311 static void set_my_host(private_ike_sa_t *this, host_t *me)
312 {
313 DESTROY_IF(this->my_host);
314 this->my_host = me;
315 }
316
317 /**
318 * Implementation of ike_sa_t.get_other_host.
319 */
320 static host_t *get_other_host(private_ike_sa_t *this)
321 {
322 return this->other_host;
323 }
324
325 /**
326 * Implementation of ike_sa_t.set_other_host.
327 */
328 static void set_other_host(private_ike_sa_t *this, host_t *other)
329 {
330 DESTROY_IF(this->other_host);
331 this->other_host = other;
332 }
333
334 /**
335 * Update connection host, as addresses may change (NAT)
336 */
337 static void update_hosts(private_ike_sa_t *this, host_t *me, host_t *other)
338 {
339 /*
340 * Quoting RFC 4306:
341 *
342 * 2.11. Address and Port Agility
343 *
344 * IKE runs over UDP ports 500 and 4500, and implicitly sets up ESP and
345 * AH associations for the same IP addresses it runs over. The IP
346 * addresses and ports in the outer header are, however, not themselves
347 * cryptographically protected, and IKE is designed to work even through
348 * Network Address Translation (NAT) boxes. An implementation MUST
349 * accept incoming requests even if the source port is not 500 or 4500,
350 * and MUST respond to the address and port from which the request was
351 * received. It MUST specify the address and port at which the request
352 * was received as the source address and port in the response. IKE
353 * functions identically over IPv4 or IPv6.
354 *
355 * [...]
356 *
357 * There are cases where a NAT box decides to remove mappings that
358 * are still alive (for example, the keepalive interval is too long,
359 * or the NAT box is rebooted). To recover in these cases, hosts
360 * that are not behind a NAT SHOULD send all packets (including
361 * retransmission packets) to the IP address and port from the last
362 * valid authenticated packet from the other end (i.e., dynamically
363 * update the address). A host behind a NAT SHOULD NOT do this
364 * because it opens a DoS attack possibility. Any authenticated IKE
365 * packet or any authenticated UDP-encapsulated ESP packet can be
366 * used to detect that the IP address or the port has changed.
367 */
368 iterator_t *iterator = NULL;
369 child_sa_t *child_sa = NULL;
370 host_diff_t my_diff, other_diff;
371
372 if (this->my_host->is_anyaddr(this->my_host) ||
373 this->other_host->is_anyaddr(this->other_host))
374 {
375 /* on first received message */
376 this->my_host->destroy(this->my_host);
377 this->my_host = me->clone(me);
378 this->other_host->destroy(this->other_host);
379 this->other_host = other->clone(other);
380 return;
381 }
382
383 my_diff = me->get_differences(me, this->my_host);
384 other_diff = other->get_differences(other, this->other_host);
385
386 if (!my_diff && !other_diff)
387 {
388 return;
389 }
390
391 if (my_diff)
392 {
393 this->my_host->destroy(this->my_host);
394 this->my_host = me->clone(me);
395 }
396
397 if (!this->nat_here)
398 {
399 /* update without restrictions if we are not NATted */
400 if (other_diff)
401 {
402 this->other_host->destroy(this->other_host);
403 this->other_host = other->clone(other);
404 }
405 }
406 else
407 {
408 /* if we are natted, only port may change */
409 if (other_diff & HOST_DIFF_ADDR)
410 {
411 return;
412 }
413 else if (other_diff & HOST_DIFF_PORT)
414 {
415 this->other_host->set_port(this->other_host, other->get_port(other));
416 }
417 }
418 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
419 while (iterator->iterate(iterator, (void**)&child_sa))
420 {
421 child_sa->update_hosts(child_sa, this->my_host, this->other_host,
422 my_diff, other_diff);
423 /* TODO: what to do if update fails? Delete CHILD_SA? */
424 }
425 iterator->destroy(iterator);
426 }
427
428 /**
429 * called when the peer is not responding anymore
430 */
431 static void dpd_detected(private_ike_sa_t *this)
432 {
433 connection_t *connection = NULL;
434 policy_t *policy;
435 linked_list_t *my_ts, *other_ts;
436 child_sa_t* child_sa;
437 dpd_action_t action;
438 job_t *job;
439
440 DBG2(DBG_IKE, "dead peer detected, handling CHILD_SAs dpd action");
441
442 /* check for childrens with dpdaction = hold */
443 while(this->child_sas->remove_first(this->child_sas,
444 (void**)&child_sa) == SUCCESS)
445 {
446 /* get the policy which belongs to this CHILD */
447 my_ts = child_sa->get_my_traffic_selectors(child_sa);
448 other_ts = child_sa->get_other_traffic_selectors(child_sa);
449 policy = charon->policies->get_policy(charon->policies,
450 this->my_id, this->other_id,
451 my_ts, other_ts,
452 this->my_host, this->other_host,
453 NULL);
454 if (policy == NULL)
455 {
456 DBG1(DBG_IKE, "no policy for CHILD to handle DPD");
457 continue;
458 }
459
460 action = policy->get_dpd_action(policy);
461 /* get a connection for further actions */
462 if (connection == NULL &&
463 (action == DPD_ROUTE || action == DPD_RESTART))
464 {
465 connection = charon->connections->get_connection_by_hosts(
466 charon->connections,
467 this->my_host, this->other_host);
468 if (connection == NULL)
469 {
470 SIG(IKE_UP_FAILED, "no connection found to handle DPD");
471 break;
472 }
473 }
474
475 DBG1(DBG_IKE, "dpd action for %s is %N",
476 policy->get_name(policy), dpd_action_names, action);
477
478 switch (action)
479 {
480 case DPD_ROUTE:
481 connection->get_ref(connection);
482 job = (job_t*)route_job_create(connection, policy, TRUE);
483 charon->job_queue->add(charon->job_queue, job);
484 break;
485 case DPD_RESTART:
486 connection->get_ref(connection);
487 job = (job_t*)initiate_job_create(connection, NULL, policy);
488 charon->job_queue->add(charon->job_queue, job);
489 break;
490 default:
491 policy->destroy(policy);
492 break;
493 }
494 child_sa->destroy(child_sa);
495 }
496 DESTROY_IF(connection);
497 }
498
499 /**
500 * send a request and schedule retransmission
501 */
502 static status_t transmit_request(private_ike_sa_t *this)
503 {
504 message_t *request;
505 packet_t *packet;
506 status_t status;
507 retransmit_request_job_t *job;
508 u_int32_t transmitted;
509 u_int32_t timeout;
510 transaction_t *transaction = this->transaction_out;
511 u_int32_t message_id;
512
513 transmitted = transaction->requested(transaction);
514 timeout = charon->configuration->get_retransmit_timeout(charon->configuration,
515 transmitted,
516 this->retrans_sequences);
517 if (timeout == 0)
518 {
519 DBG1(DBG_IKE, "giving up after %d retransmits, deleting IKE_SA",
520 transmitted - 1);
521 dpd_detected(this);
522 return DESTROY_ME;
523 }
524
525 status = transaction->get_request(transaction, &request);
526 if (status != SUCCESS)
527 {
528 /* generating request failed */
529 return status;
530 }
531 message_id = transaction->get_message_id(transaction);
532 /* if we retransmit, the request is already generated */
533 if (transmitted == 0)
534 {
535 status = request->generate(request, this->crypter_out, this->signer_out, &packet);
536 if (status != SUCCESS)
537 {
538 DBG1(DBG_IKE, "request generation failed. transaction discarded");
539 return FAILED;
540 }
541 }
542 else
543 {
544 DBG1(DBG_IKE, "sending retransmit %d for %N request with messageID %d",
545 transmitted, exchange_type_names, request->get_exchange_type(request),
546 message_id);
547 packet = request->get_packet(request);
548 }
549 /* finally send */
550 charon->send_queue->add(charon->send_queue, packet);
551 this->time.outbound = time(NULL);
552
553 /* schedule retransmission job */
554 job = retransmit_request_job_create(message_id, this->ike_sa_id);
555 charon->event_queue->add_relative(charon->event_queue, (job_t*)job, timeout);
556 return SUCCESS;
557 }
558
559 /**
560 * Implementation of ike_sa.retransmit_request.
561 */
562 static status_t retransmit_request(private_ike_sa_t *this, u_int32_t message_id)
563 {
564 if (this->transaction_out == NULL ||
565 this->transaction_out->get_message_id(this->transaction_out) != message_id)
566 {
567 /* no retransmit necessary, transaction did already complete */
568 return SUCCESS;
569 }
570 return transmit_request(this);
571 }
572
573 /**
574 * Check for transactions in the queue and initiate the first transaction found.
575 */
576 static status_t process_transaction_queue(private_ike_sa_t *this)
577 {
578 if (this->transaction_out)
579 {
580 /* already a transaction in progress */
581 return SUCCESS;
582 }
583
584 while (TRUE)
585 {
586 if (this->transaction_queue->remove_first(this->transaction_queue,
587 (void**)&this->transaction_out) != SUCCESS)
588 {
589 /* transaction queue empty */
590 return SUCCESS;
591 }
592 switch (transmit_request(this))
593 {
594 case SUCCESS:
595 return SUCCESS;
596 case DESTROY_ME:
597 /* critical, IKE_SA unusable, destroy immediately */
598 return DESTROY_ME;
599 default:
600 /* discard transaction, process next one */
601 this->transaction_out->destroy(this->transaction_out);
602 this->transaction_out = NULL;
603 /* handle next transaction */
604 continue;
605 }
606 }
607 }
608
609 /**
610 * Queue a new transaction and execute the next outstanding transaction
611 */
612 static status_t queue_transaction(private_ike_sa_t *this, transaction_t *transaction, bool prefer)
613 {
614 /* inject next transaction */
615 if (transaction)
616 {
617 if (prefer)
618 {
619 this->transaction_queue->insert_first(this->transaction_queue, transaction);
620 }
621 else
622 {
623 this->transaction_queue->insert_last(this->transaction_queue, transaction);
624 }
625 }
626 /* process a transaction */
627 return process_transaction_queue(this);
628 }
629
630 /**
631 * process an incoming request.
632 */
633 static status_t process_request(private_ike_sa_t *this, message_t *request)
634 {
635 transaction_t *last, *current = NULL;
636 message_t *response;
637 packet_t *packet;
638 u_int32_t request_mid;
639 status_t status;
640
641 request_mid = request->get_message_id(request);
642 last = this->transaction_in;
643
644 /* check if message ID is correct */
645 if (last)
646 {
647 u_int32_t last_mid = last->get_message_id(last);
648
649 if (last_mid == request_mid)
650 {
651 /* retransmit detected */
652 DBG1(DBG_IKE, "received retransmitted request for message "
653 "ID %d, retransmitting response", request_mid);
654 last->get_response(last, request, &response, &this->transaction_in_next);
655 packet = response->get_packet(response);
656 charon->send_queue->add(charon->send_queue, packet);
657 this->time.outbound = time(NULL);
658 return SUCCESS;
659 }
660
661 if (last_mid > request_mid)
662 {
663 /* something seriously wrong here, message id may not decrease */
664 DBG1(DBG_IKE, "received request with message ID %d, "
665 "excepted %d, ingored", request_mid, last_mid + 1);
666 return FAILED;
667 }
668 /* we allow jumps in message IDs, as long as they are incremental */
669 if (last_mid + 1 < request_mid)
670 {
671 DBG1(DBG_IKE, "received request with message ID %d, excepted %d",
672 request_mid, last_mid + 1);
673 }
674 }
675 else
676 {
677 if (request_mid != 0)
678 {
679 /* warn, but allow it */
680 DBG1(DBG_IKE, "first received request has message ID %d, "
681 "excepted 0", request_mid);
682 }
683 }
684
685 /* check if we already have a pre-created transaction for this request */
686 if (this->transaction_in_next)
687 {
688 current = this->transaction_in_next;
689 this->transaction_in_next = NULL;
690 }
691 else
692 {
693 current = transaction_create(&this->public, request);
694 if (current == NULL)
695 {
696 DBG1(DBG_IKE, "no idea how to handle received message (exchange"
697 " type %d), ignored", request->get_exchange_type(request));
698 return FAILED;
699 }
700 }
701
702 /* send message. get_request() always gives a valid response */
703 status = current->get_response(current, request, &response, &this->transaction_in_next);
704 if (response->generate(response, this->crypter_out, this->signer_out, &packet) != SUCCESS)
705 {
706 DBG1(DBG_IKE, "response generation failed, discarding transaction");
707 current->destroy(current);
708 return FAILED;
709 }
710
711 charon->send_queue->add(charon->send_queue, packet);
712 this->time.outbound = time(NULL);
713 /* act depending on transaction result */
714 switch (status)
715 {
716 case DESTROY_ME:
717 /* transactions says we should destroy the IKE_SA, so do it */
718 current->destroy(current);
719 return DESTROY_ME;
720 default:
721 /* store for retransmission, destroy old transaction */
722 this->transaction_in = current;
723 if (last)
724 {
725 last->destroy(last);
726 }
727 return SUCCESS;
728 }
729 }
730
731 /**
732 * process an incoming response
733 */
734 static status_t process_response(private_ike_sa_t *this, message_t *response)
735 {
736 transaction_t *current, *new = NULL;
737
738 current = this->transaction_out;
739 /* check if message ID is that of our currently active transaction */
740 if (current == NULL ||
741 current->get_message_id(current) != response->get_message_id(response))
742 {
743 DBG1(DBG_IKE, "received response with message ID %d "
744 "not requested, ignored", response->get_message_id(response));
745 return FAILED;
746 }
747
748 switch (current->conclude(current, response, &new))
749 {
750 case DESTROY_ME:
751 /* state requested to destroy IKE_SA */
752 return DESTROY_ME;
753 default:
754 /* discard transaction, process next one */
755 break;
756 }
757 /* transaction comleted, remove */
758 current->destroy(current);
759 this->transaction_out = NULL;
760
761 /* queue new transaction */
762 return queue_transaction(this, new, TRUE);
763 }
764
765 /**
766 * send a notify back to the sender
767 */
768 static void send_notify_response(private_ike_sa_t *this,
769 message_t *request,
770 notify_type_t type)
771 {
772 notify_payload_t *notify;
773 message_t *response;
774 host_t *src, *dst;
775 packet_t *packet;
776
777 response = message_create();
778 dst = request->get_source(request);
779 src = request->get_destination(request);
780 response->set_source(response, src->clone(src));
781 response->set_destination(response, dst->clone(dst));
782 response->set_exchange_type(response, request->get_exchange_type(request));
783 response->set_request(response, FALSE);
784 response->set_message_id(response, request->get_message_id(request));
785 response->set_ike_sa_id(response, this->ike_sa_id);
786 notify = notify_payload_create_from_protocol_and_type(PROTO_NONE, type);
787 response->add_payload(response, (payload_t *)notify);
788 if (response->generate(response, this->crypter_out, this->signer_out, &packet) != SUCCESS)
789 {
790 response->destroy(response);
791 return;
792 }
793 charon->send_queue->add(charon->send_queue, packet);
794 this->time.outbound = time(NULL);
795 response->destroy(response);
796 return;
797 }
798
799
800 /**
801 * Implementation of ike_sa_t.process_message.
802 */
803 static status_t process_message(private_ike_sa_t *this, message_t *message)
804 {
805 status_t status;
806 bool is_request;
807
808 is_request = message->get_request(message);
809
810 status = message->parse_body(message, this->crypter_in, this->signer_in);
811 if (status != SUCCESS)
812 {
813
814 if (is_request)
815 {
816 switch (status)
817 {
818 case NOT_SUPPORTED:
819 DBG1(DBG_IKE, "ciritcal unknown payloads found");
820 if (is_request)
821 {
822 send_notify_response(this, message, UNSUPPORTED_CRITICAL_PAYLOAD);
823 }
824 break;
825 case PARSE_ERROR:
826 DBG1(DBG_IKE, "message parsing failed");
827 if (is_request)
828 {
829 send_notify_response(this, message, INVALID_SYNTAX);
830 }
831 break;
832 case VERIFY_ERROR:
833 DBG1(DBG_IKE, "message verification failed");
834 if (is_request)
835 {
836 send_notify_response(this, message, INVALID_SYNTAX);
837 }
838 break;
839 case FAILED:
840 DBG1(DBG_IKE, "integrity check failed");
841 /* ignored */
842 break;
843 case INVALID_STATE:
844 DBG1(DBG_IKE, "found encrypted message, but no keys available");
845 if (is_request)
846 {
847 send_notify_response(this, message, INVALID_SYNTAX);
848 }
849 default:
850 break;
851 }
852 }
853 DBG1(DBG_IKE, "%N %s with message ID %d processing failed",
854 exchange_type_names, message->get_exchange_type(message),
855 message->get_request(message) ? "request" : "response",
856 message->get_message_id(message));
857 }
858 else
859 {
860 /* check if message is trustworthy, and update connection information */
861 if (this->state == IKE_CREATED ||
862 message->get_exchange_type(message) != IKE_SA_INIT)
863 {
864 update_hosts(this, message->get_destination(message),
865 message->get_source(message));
866 this->time.inbound = time(NULL);
867 }
868 if (is_request)
869 {
870 status = process_request(this, message);
871 }
872 else
873 {
874 status = process_response(this, message);
875 }
876 }
877 return status;
878 }
879
880 /**
881 * Implementation of ike_sa_t.initiate.
882 */
883 static status_t initiate(private_ike_sa_t *this,
884 connection_t *connection, policy_t *policy)
885 {
886 switch (this->state)
887 {
888 case IKE_CREATED:
889 {
890 /* in state CREATED, we must do the ike_sa_init
891 * and ike_auth transactions. Along with these,
892 * a CHILD_SA with the supplied policy is set up.
893 */
894 ike_sa_init_t *ike_sa_init;
895
896 DBG2(DBG_IKE, "initiating new IKE_SA for CHILD_SA");
897 if (this->my_host->is_anyaddr(this->my_host))
898 {
899 this->my_host->destroy(this->my_host);
900 this->my_host = connection->get_my_host(connection);
901 this->my_host = this->my_host->clone(this->my_host);
902 }
903 if (this->other_host->is_anyaddr(this->other_host))
904 {
905 this->other_host->destroy(this->other_host);
906 this->other_host = connection->get_other_host(connection);
907 this->other_host = this->other_host->clone(this->other_host);
908 }
909 if (this->other_host->is_anyaddr(this->other_host))
910 {
911 SIG(IKE_UP_START, "establishing new IKE_SA for CHILD_SA");
912 SIG(IKE_UP_FAILED, "can not initiate a connection to %%any, aborting");
913 policy->destroy(policy);
914 connection->destroy(connection);
915 return DESTROY_ME;
916 }
917
918 this->retrans_sequences = connection->get_retrans_seq(connection);
919 this->dpd_delay = connection->get_dpd_delay(connection);
920
921 this->message_id_out = 1;
922 ike_sa_init = ike_sa_init_create(&this->public);
923 ike_sa_init->set_config(ike_sa_init, connection, policy);
924 return queue_transaction(this, (transaction_t*)ike_sa_init, TRUE);
925 }
926 case IKE_DELETING:
927 case IKE_REKEYING:
928 {
929 /* if we are in DELETING/REKEYING, we deny set up of a policy.
930 * TODO: would it make sense to queue the transaction and adopt
931 * all transactions to the new IKE_SA? */
932 SIG(IKE_UP_START, "creating CHILD_SA in existing IKE_SA");
933 SIG(IKE_UP_FAILED, "creating CHILD_SA discarded, as IKE_SA is in state %N",
934 ike_sa_state_names, this->state);
935 policy->destroy(policy);
936 connection->destroy(connection);
937 return FAILED;
938 }
939 case IKE_CONNECTING:
940 case IKE_ESTABLISHED:
941 {
942 /* if we are ESTABLISHED or CONNECTING, we queue the
943 * transaction to create the CHILD_SA. It gets processed
944 * when the IKE_SA is ready to do so. We don't need the
945 * connection, as the IKE_SA is already established/establishing.
946 */
947 create_child_sa_t *create_child;
948
949 DBG1(DBG_IKE, "creating CHILD_SA in existing IKE_SA");
950 connection->destroy(connection);
951 create_child = create_child_sa_create(&this->public);
952 create_child->set_policy(create_child, policy);
953 return queue_transaction(this, (transaction_t*)create_child, FALSE);
954 }
955 }
956 return FAILED;
957 }
958
959 /**
960 * Implementation of ike_sa_t.acquire.
961 */
962 static status_t acquire(private_ike_sa_t *this, u_int32_t reqid)
963 {
964 connection_t *connection;
965 policy_t *policy;
966 iterator_t *iterator;
967 child_sa_t *current, *child_sa = NULL;
968 linked_list_t *my_ts, *other_ts;
969
970 if (this->state == IKE_DELETING)
971 {
972 SIG(CHILD_UP_START, "acquiring CHILD_SA on kernel request");
973 SIG(CHILD_UP_FAILED, "acquiring CHILD_SA (reqid %d) failed: "
974 "IKE_SA is deleting", reqid);
975 return FAILED;
976 }
977
978 /* find CHILD_SA */
979 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
980 while (iterator->iterate(iterator, (void**)&current))
981 {
982 if (current->get_reqid(current) == reqid)
983 {
984 child_sa = current;
985 break;
986 }
987 }
988 iterator->destroy(iterator);
989 if (!child_sa)
990 {
991 SIG(CHILD_UP_START, "acquiring CHILD_SA on kernel request");
992 SIG(CHILD_UP_FAILED, "acquiring CHILD_SA (reqid %d) failed: "
993 "CHILD_SA not found", reqid);
994 return FAILED;
995 }
996 my_ts = child_sa->get_my_traffic_selectors(child_sa);
997 other_ts = child_sa->get_other_traffic_selectors(child_sa);
998
999 policy = charon->policies->get_policy(charon->policies,
1000 this->my_id, this->other_id,
1001 my_ts, other_ts,
1002 this->my_host, this->other_host,
1003 NULL);
1004 if (policy == NULL)
1005 {
1006 SIG(CHILD_UP_START, "acquiring CHILD_SA with reqid %d", reqid);
1007 SIG(CHILD_UP_FAILED, "acquiring CHILD_SA (reqid %d) failed: "
1008 "no policy found", reqid);
1009 return FAILED;
1010 }
1011
1012 switch (this->state)
1013 {
1014 case IKE_CREATED:
1015 {
1016 ike_sa_init_t *ike_sa_init;
1017
1018 connection = charon->connections->get_connection_by_hosts(
1019 charon->connections, this->my_host, this->other_host);
1020
1021 if (connection == NULL)
1022 {
1023 SIG(CHILD_UP_START, "acquiring CHILD_SA with reqid %d", reqid);
1024 SIG(CHILD_UP_FAILED, "acquiring CHILD_SA (reqid %d) failed: "
1025 "no connection found to establsih IKE_SA", reqid);
1026 policy->destroy(policy);
1027 return FAILED;
1028 }
1029
1030 DBG1(DBG_IKE, "establishing IKE_SA to acquire CHILD_SA "
1031 "with reqid %d", reqid);
1032
1033 this->message_id_out = 1;
1034 ike_sa_init = ike_sa_init_create(&this->public);
1035 ike_sa_init->set_config(ike_sa_init, connection, policy);
1036 /* reuse existing reqid */
1037 ike_sa_init->set_reqid(ike_sa_init, reqid);
1038 return queue_transaction(this, (transaction_t*)ike_sa_init, TRUE);
1039 }
1040 case IKE_CONNECTING:
1041 case IKE_ESTABLISHED:
1042 {
1043 create_child_sa_t *create_child;
1044
1045 DBG1(DBG_CHD, "acquiring CHILD_SA with reqid %d", reqid);
1046
1047 create_child = create_child_sa_create(&this->public);
1048 create_child->set_policy(create_child, policy);
1049 /* reuse existing reqid */
1050 create_child->set_reqid(create_child, reqid);
1051 return queue_transaction(this, (transaction_t*)create_child, FALSE);
1052 }
1053 default:
1054 break;
1055 }
1056 return FAILED;
1057 }
1058
1059 /**
1060 * compare two lists of traffic selectors for equality
1061 */
1062 static bool ts_list_equals(linked_list_t *l1, linked_list_t *l2)
1063 {
1064 bool equals = TRUE;
1065 iterator_t *i1, *i2;
1066 traffic_selector_t *t1, *t2;
1067
1068 if (l1->get_count(l1) != l2->get_count(l2))
1069 {
1070 return FALSE;
1071 }
1072
1073 i1 = l1->create_iterator(l1, TRUE);
1074 i2 = l2->create_iterator(l2, TRUE);
1075 while (i1->iterate(i1, (void**)&t1) && i2->iterate(i2, (void**)&t2))
1076 {
1077 if (!t1->equals(t1, t2))
1078 {
1079 equals = FALSE;
1080 break;
1081 }
1082 }
1083 i1->destroy(i1);
1084 i2->destroy(i2);
1085 return equals;
1086 }
1087
1088 /**
1089 * Implementation of ike_sa_t.route.
1090 */
1091 static status_t route(private_ike_sa_t *this, connection_t *connection, policy_t *policy)
1092 {
1093 child_sa_t *child_sa = NULL;
1094 iterator_t *iterator;
1095 linked_list_t *my_ts, *other_ts;
1096 status_t status;
1097
1098 SIG(CHILD_ROUTE_START, "routing CHILD_SA");
1099
1100 /* check if not already routed*/
1101 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1102 while (iterator->iterate(iterator, (void**)&child_sa))
1103 {
1104 if (child_sa->get_state(child_sa) == CHILD_ROUTED)
1105 {
1106 linked_list_t *my_ts_conf, *other_ts_conf;
1107
1108 my_ts = child_sa->get_my_traffic_selectors(child_sa);
1109 other_ts = child_sa->get_other_traffic_selectors(child_sa);
1110
1111 my_ts_conf = policy->get_my_traffic_selectors(policy, this->my_host);
1112 other_ts_conf = policy->get_other_traffic_selectors(policy, this->other_host);
1113
1114 if (ts_list_equals(my_ts, my_ts_conf) &&
1115 ts_list_equals(other_ts, other_ts_conf))
1116 {
1117 iterator->destroy(iterator);
1118 my_ts_conf->destroy_offset(my_ts_conf, offsetof(traffic_selector_t, destroy));
1119 other_ts_conf->destroy_offset(other_ts_conf, offsetof(traffic_selector_t, destroy));
1120 SIG(CHILD_ROUTE_FAILED, "CHILD_SA with such a policy already routed");
1121 return FAILED;
1122 }
1123 my_ts_conf->destroy_offset(my_ts_conf, offsetof(traffic_selector_t, destroy));
1124 other_ts_conf->destroy_offset(other_ts_conf, offsetof(traffic_selector_t, destroy));
1125 }
1126 }
1127 iterator->destroy(iterator);
1128
1129 switch (this->state)
1130 {
1131 case IKE_CREATED:
1132 case IKE_CONNECTING:
1133 /* we update IKE_SA information as good as possible,
1134 * this allows us to set up the SA later when an acquire comes in. */
1135 if (this->my_id->get_type(this->my_id) == ID_ANY)
1136 {
1137 this->my_id->destroy(this->my_id);
1138 this->my_id = policy->get_my_id(policy);
1139 this->my_id = this->my_id->clone(this->my_id);
1140 }
1141 if (this->other_id->get_type(this->other_id) == ID_ANY)
1142 {
1143 this->other_id->destroy(this->other_id);
1144 this->other_id = policy->get_other_id(policy);
1145 this->other_id = this->other_id->clone(this->other_id);
1146 }
1147 if (this->my_host->is_anyaddr(this->my_host))
1148 {
1149 this->my_host->destroy(this->my_host);
1150 this->my_host = connection->get_my_host(connection);
1151 this->my_host = this->my_host->clone(this->my_host);
1152 }
1153 if (this->other_host->is_anyaddr(this->other_host))
1154 {
1155 this->other_host->destroy(this->other_host);
1156 this->other_host = connection->get_other_host(connection);
1157 this->other_host = this->other_host->clone(this->other_host);
1158 }
1159 set_name(this, connection->get_name(connection));
1160 this->retrans_sequences = connection->get_retrans_seq(connection);
1161 this->dpd_delay = connection->get_dpd_delay(connection);
1162 break;
1163 case IKE_ESTABLISHED:
1164 case IKE_REKEYING:
1165 /* nothing to do. We allow it for rekeying, as it will be
1166 * adopted by the new IKE_SA */
1167 break;
1168 case IKE_DELETING:
1169 /* TODO: hanlde this case, create a new IKE_SA and route CHILD_SA */
1170 SIG(CHILD_ROUTE_FAILED, "unable to route CHILD_SA, as its IKE_SA gets deleted");
1171 return FAILED;
1172 }
1173
1174 child_sa = child_sa_create(0, this->my_host, this->other_host,
1175 this->my_id, this->other_id,
1176 0, 0,
1177 NULL, policy->get_hostaccess(policy),
1178 FALSE);
1179 child_sa->set_name(child_sa, policy->get_name(policy));
1180 my_ts = policy->get_my_traffic_selectors(policy, this->my_host);
1181 other_ts = policy->get_other_traffic_selectors(policy, this->other_host);
1182 status = child_sa->add_policies(child_sa, my_ts, other_ts,
1183 policy->get_mode(policy));
1184 my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy));
1185 other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy));
1186 this->child_sas->insert_last(this->child_sas, child_sa);
1187 SIG(CHILD_ROUTE_SUCCESS, "CHILD_SA routed");
1188 return status;
1189 }
1190
1191 /**
1192 * Implementation of ike_sa_t.unroute.
1193 */
1194 static status_t unroute(private_ike_sa_t *this, policy_t *policy)
1195 {
1196 iterator_t *iterator;
1197 child_sa_t *child_sa = NULL;
1198 bool found = FALSE;
1199 linked_list_t *my_ts, *other_ts, *my_ts_conf, *other_ts_conf;
1200
1201 SIG(CHILD_UNROUTE_START, "unrouting CHILD_SA");
1202
1203 /* find CHILD_SA in ROUTED state */
1204 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1205 while (iterator->iterate(iterator, (void**)&child_sa))
1206 {
1207 if (child_sa->get_state(child_sa) == CHILD_ROUTED)
1208 {
1209 my_ts = child_sa->get_my_traffic_selectors(child_sa);
1210 other_ts = child_sa->get_other_traffic_selectors(child_sa);
1211
1212 my_ts_conf = policy->get_my_traffic_selectors(policy, this->my_host);
1213 other_ts_conf = policy->get_other_traffic_selectors(policy, this->other_host);
1214
1215 if (ts_list_equals(my_ts, my_ts_conf) &&
1216 ts_list_equals(other_ts, other_ts_conf))
1217 {
1218 iterator->remove(iterator);
1219 SIG(CHILD_UNROUTE_SUCCESS, "CHILD_SA unrouted");
1220 child_sa->destroy(child_sa);
1221 my_ts_conf->destroy_offset(my_ts_conf, offsetof(traffic_selector_t, destroy));
1222 other_ts_conf->destroy_offset(other_ts_conf, offsetof(traffic_selector_t, destroy));
1223 found = TRUE;
1224 break;
1225 }
1226 my_ts_conf->destroy_offset(my_ts_conf, offsetof(traffic_selector_t, destroy));
1227 other_ts_conf->destroy_offset(other_ts_conf, offsetof(traffic_selector_t, destroy));
1228 }
1229 }
1230 iterator->destroy(iterator);
1231
1232 if (!found)
1233 {
1234 SIG(CHILD_UNROUTE_FAILED, "CHILD_SA to unroute not found");
1235 return FAILED;
1236 }
1237 /* if we are not established, and we have no more routed childs, remove whole SA */
1238 if (this->state == IKE_CREATED &&
1239 this->child_sas->get_count(this->child_sas) == 0)
1240 {
1241 return DESTROY_ME;
1242 }
1243 return SUCCESS;
1244 }
1245
1246 /**
1247 * Implementation of ike_sa_t.send_dpd
1248 */
1249 static status_t send_dpd(private_ike_sa_t *this)
1250 {
1251 send_dpd_job_t *job;
1252 time_t diff;
1253
1254 if (this->dpd_delay == 0)
1255 {
1256 /* DPD disabled */
1257 return SUCCESS;
1258 }
1259
1260 if (this->transaction_out)
1261 {
1262 /* there is a transaction in progress. Come back later */
1263 diff = 0;
1264 }
1265 else
1266 {
1267 /* check if there was any inbound traffic */
1268 time_t last_in, now;
1269 last_in = get_time_inbound(this);
1270 now = time(NULL);
1271 diff = now - last_in;
1272 if (diff >= this->dpd_delay)
1273 {
1274 /* to long ago, initiate dead peer detection */
1275 dead_peer_detection_t *dpd;
1276 DBG1(DBG_IKE, "sending DPD request");
1277 dpd = dead_peer_detection_create(&this->public);
1278 queue_transaction(this, (transaction_t*)dpd, FALSE);
1279 diff = 0;
1280 }
1281 }
1282 /* recheck in "interval" seconds */
1283 job = send_dpd_job_create(this->ike_sa_id);
1284 charon->event_queue->add_relative(charon->event_queue, (job_t*)job,
1285 (this->dpd_delay - diff) * 1000);
1286 return SUCCESS;
1287 }
1288
1289 /**
1290 * Implementation of ike_sa_t.send_keepalive
1291 */
1292 static void send_keepalive(private_ike_sa_t *this)
1293 {
1294 send_keepalive_job_t *job;
1295 time_t last_out, now, diff, interval;
1296
1297 last_out = get_time_outbound(this);
1298 now = time(NULL);
1299
1300 diff = now - last_out;
1301 interval = charon->configuration->get_keepalive_interval(charon->configuration);
1302
1303 if (diff >= interval)
1304 {
1305 packet_t *packet;
1306 chunk_t data;
1307
1308 packet = packet_create();
1309 packet->set_source(packet, this->my_host->clone(this->my_host));
1310 packet->set_destination(packet, this->other_host->clone(this->other_host));
1311 data.ptr = malloc(1);
1312 data.ptr[0] = 0xFF;
1313 data.len = 1;
1314 packet->set_data(packet, data);
1315 charon->send_queue->add(charon->send_queue, packet);
1316 DBG1(DBG_IKE, "sending keep alive");
1317 diff = 0;
1318 }
1319 job = send_keepalive_job_create(this->ike_sa_id);
1320 charon->event_queue->add_relative(charon->event_queue, (job_t*)job,
1321 (interval - diff) * 1000);
1322 }
1323
1324 /**
1325 * Implementation of ike_sa_t.get_state.
1326 */
1327 static ike_sa_state_t get_state(private_ike_sa_t *this)
1328 {
1329 return this->state;
1330 }
1331
1332 /**
1333 * Implementation of ike_sa_t.set_state.
1334 */
1335 static void set_state(private_ike_sa_t *this, ike_sa_state_t state)
1336 {
1337 DBG1(DBG_IKE, "IKE_SA state change: %N => %N",
1338 ike_sa_state_names, this->state,
1339 ike_sa_state_names, state);
1340
1341 if (state == IKE_ESTABLISHED)
1342 {
1343 this->time.established = time(NULL);
1344 /* start DPD checks */
1345 send_dpd(this);
1346 }
1347
1348 this->state = state;
1349 }
1350
1351 /**
1352 * Implementation of ike_sa_t.get_prf.
1353 */
1354 static prf_t *get_prf(private_ike_sa_t *this)
1355 {
1356 return this->prf;
1357 }
1358
1359 /**
1360 * Implementation of ike_sa_t.get_prf.
1361 */
1362 static prf_t *get_child_prf(private_ike_sa_t *this)
1363 {
1364 return this->child_prf;
1365 }
1366
1367 /**
1368 * Implementation of ike_sa_t.get_auth_bild
1369 */
1370 static prf_t *get_auth_build(private_ike_sa_t *this)
1371 {
1372 return this->auth_build;
1373 }
1374
1375 /**
1376 * Implementation of ike_sa_t.get_auth_verify
1377 */
1378 static prf_t *get_auth_verify(private_ike_sa_t *this)
1379 {
1380 return this->auth_verify;
1381 }
1382
1383 /**
1384 * Implementation of ike_sa_t.get_id.
1385 */
1386 static ike_sa_id_t* get_id(private_ike_sa_t *this)
1387 {
1388 return this->ike_sa_id;
1389 }
1390
1391 /**
1392 * Implementation of ike_sa_t.get_my_id.
1393 */
1394 static identification_t* get_my_id(private_ike_sa_t *this)
1395 {
1396 return this->my_id;
1397 }
1398
1399 /**
1400 * Implementation of ike_sa_t.set_my_id.
1401 */
1402 static void set_my_id(private_ike_sa_t *this, identification_t *me)
1403 {
1404 DESTROY_IF(this->my_id);
1405 this->my_id = me;
1406 }
1407
1408 /**
1409 * Implementation of ike_sa_t.get_other_id.
1410 */
1411 static identification_t* get_other_id(private_ike_sa_t *this)
1412 {
1413 return this->other_id;
1414 }
1415
1416 /**
1417 * Implementation of ike_sa_t.set_other_id.
1418 */
1419 static void set_other_id(private_ike_sa_t *this, identification_t *other)
1420 {
1421 DESTROY_IF(this->other_id);
1422 this->other_id = other;
1423 }
1424
1425 /**
1426 * Implementation of ike_sa_t.derive_keys.
1427 */
1428 static status_t derive_keys(private_ike_sa_t *this,
1429 proposal_t *proposal, diffie_hellman_t *dh,
1430 chunk_t nonce_i, chunk_t nonce_r,
1431 bool initiator, prf_t *child_prf, prf_t *old_prf)
1432 {
1433 prf_plus_t *prf_plus;
1434 chunk_t skeyseed, secret, key, nonces, prf_plus_seed;
1435 algorithm_t *algo;
1436 size_t key_size;
1437 crypter_t *crypter_i, *crypter_r;
1438 signer_t *signer_i, *signer_r;
1439 prf_t *prf_i, *prf_r;
1440 u_int8_t spi_i_buf[sizeof(u_int64_t)], spi_r_buf[sizeof(u_int64_t)];
1441 chunk_t spi_i = chunk_from_buf(spi_i_buf);
1442 chunk_t spi_r = chunk_from_buf(spi_r_buf);
1443
1444 /* Create SAs general purpose PRF first, we may use it here */
1445 if (!proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo))
1446 {
1447 DBG1(DBG_IKE, "key derivation failed: no PSEUDO_RANDOM_FUNCTION");;
1448 return FAILED;
1449 }
1450 this->prf = prf_create(algo->algorithm);
1451 if (this->prf == NULL)
1452 {
1453 DBG1(DBG_IKE, "key derivation failed: PSEUDO_RANDOM_FUNCTION "
1454 "%N not supported!", pseudo_random_function_names, algo->algorithm);
1455 return FAILED;
1456 }
1457
1458 dh->get_shared_secret(dh, &secret);
1459 DBG4(DBG_IKE, "shared Diffie Hellman secret %B", &secret);
1460 nonces = chunk_cat("cc", nonce_i, nonce_r);
1461 *((u_int64_t*)spi_i.ptr) = this->ike_sa_id->get_initiator_spi(this->ike_sa_id);
1462 *((u_int64_t*)spi_r.ptr) = this->ike_sa_id->get_responder_spi(this->ike_sa_id);
1463 prf_plus_seed = chunk_cat("ccc", nonces, spi_i, spi_r);
1464
1465 /* KEYMAT = prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr)
1466 *
1467 * if we are rekeying, SKEYSEED is built on another way
1468 */
1469 if (child_prf == NULL) /* not rekeying */
1470 {
1471 /* SKEYSEED = prf(Ni | Nr, g^ir) */
1472 this->prf->set_key(this->prf, nonces);
1473 this->prf->allocate_bytes(this->prf, secret, &skeyseed);
1474 DBG4(DBG_IKE, "SKEYSEED %B", &skeyseed);
1475 this->prf->set_key(this->prf, skeyseed);
1476 chunk_free(&skeyseed);
1477 chunk_free(&secret);
1478 prf_plus = prf_plus_create(this->prf, prf_plus_seed);
1479 }
1480 else
1481 {
1482 /* SKEYSEED = prf(SK_d (old), [g^ir (new)] | Ni | Nr)
1483 * use OLD SAs PRF functions for both prf_plus and prf */
1484 secret = chunk_cat("mc", secret, nonces);
1485 child_prf->allocate_bytes(child_prf, secret, &skeyseed);
1486 DBG4(DBG_IKE, "SKEYSEED %B", &skeyseed);
1487 old_prf->set_key(old_prf, skeyseed);
1488 chunk_free(&skeyseed);
1489 chunk_free(&secret);
1490 prf_plus = prf_plus_create(old_prf, prf_plus_seed);
1491 }
1492 chunk_free(&nonces);
1493 chunk_free(&prf_plus_seed);
1494
1495 /* KEYMAT = SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr */
1496
1497 /* SK_d is used for generating CHILD_SA key mat => child_prf */
1498 proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo);
1499 this->child_prf = prf_create(algo->algorithm);
1500 key_size = this->child_prf->get_key_size(this->child_prf);
1501 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1502 DBG4(DBG_IKE, "Sk_d secret %B", &key);
1503 this->child_prf->set_key(this->child_prf, key);
1504 chunk_free(&key);
1505
1506 /* SK_ai/SK_ar used for integrity protection => signer_in/signer_out */
1507 if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &algo))
1508 {
1509 DBG1(DBG_IKE, "key derivation failed: no INTEGRITY_ALGORITHM");
1510 return FAILED;
1511 }
1512 signer_i = signer_create(algo->algorithm);
1513 signer_r = signer_create(algo->algorithm);
1514 if (signer_i == NULL || signer_r == NULL)
1515 {
1516 DBG1(DBG_IKE, "key derivation failed: INTEGRITY_ALGORITHM "
1517 "%N not supported!", integrity_algorithm_names ,algo->algorithm);
1518 return FAILED;
1519 }
1520 key_size = signer_i->get_key_size(signer_i);
1521
1522 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1523 DBG4(DBG_IKE, "Sk_ai secret %B", &key);
1524 signer_i->set_key(signer_i, key);
1525 chunk_free(&key);
1526
1527 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1528 DBG4(DBG_IKE, "Sk_ar secret %B", &key);
1529 signer_r->set_key(signer_r, key);
1530 chunk_free(&key);
1531
1532 if (initiator)
1533 {
1534 this->signer_in = signer_r;
1535 this->signer_out = signer_i;
1536 }
1537 else
1538 {
1539 this->signer_in = signer_i;
1540 this->signer_out = signer_r;
1541 }
1542
1543 /* SK_ei/SK_er used for encryption => crypter_in/crypter_out */
1544 if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &algo))
1545 {
1546 DBG1(DBG_IKE, "key derivation failed: no ENCRYPTION_ALGORITHM");
1547 return FAILED;
1548 }
1549 crypter_i = crypter_create(algo->algorithm, algo->key_size / 8);
1550 crypter_r = crypter_create(algo->algorithm, algo->key_size / 8);
1551 if (crypter_i == NULL || crypter_r == NULL)
1552 {
1553 DBG1(DBG_IKE, "key derivation failed: ENCRYPTION_ALGORITHM "
1554 "%N (key size %d) not supported!",
1555 encryption_algorithm_names, algo->algorithm, algo->key_size);
1556 return FAILED;
1557 }
1558 key_size = crypter_i->get_key_size(crypter_i);
1559
1560 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1561 DBG4(DBG_IKE, "Sk_ei secret %B", &key);
1562 crypter_i->set_key(crypter_i, key);
1563 chunk_free(&key);
1564
1565 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1566 DBG4(DBG_IKE, "Sk_er secret %B", &key);
1567 crypter_r->set_key(crypter_r, key);
1568 chunk_free(&key);
1569
1570 if (initiator)
1571 {
1572 this->crypter_in = crypter_r;
1573 this->crypter_out = crypter_i;
1574 }
1575 else
1576 {
1577 this->crypter_in = crypter_i;
1578 this->crypter_out = crypter_r;
1579 }
1580
1581 /* SK_pi/SK_pr used for authentication => prf_auth_i, prf_auth_r */
1582 proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo);
1583 prf_i = prf_create(algo->algorithm);
1584 prf_r = prf_create(algo->algorithm);
1585
1586 key_size = prf_i->get_key_size(prf_i);
1587 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1588 DBG4(DBG_IKE, "Sk_pi secret %B", &key);
1589 prf_i->set_key(prf_i, key);
1590 chunk_free(&key);
1591
1592 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1593 DBG4(DBG_IKE, "Sk_pr secret %B", &key);
1594 prf_r->set_key(prf_r, key);
1595 chunk_free(&key);
1596
1597 if (initiator)
1598 {
1599 this->auth_verify = prf_r;
1600 this->auth_build = prf_i;
1601 }
1602 else
1603 {
1604 this->auth_verify = prf_i;
1605 this->auth_build = prf_r;
1606 }
1607
1608 /* all done, prf_plus not needed anymore */
1609 prf_plus->destroy(prf_plus);
1610
1611 return SUCCESS;
1612 }
1613
1614 /**
1615 * Implementation of ike_sa_t.add_child_sa.
1616 */
1617 static void add_child_sa(private_ike_sa_t *this, child_sa_t *child_sa)
1618 {
1619 this->child_sas->insert_last(this->child_sas, child_sa);
1620 }
1621
1622 /**
1623 * Implementation of ike_sa_t.has_child_sa.
1624 */
1625 static bool has_child_sa(private_ike_sa_t *this, u_int32_t reqid)
1626 {
1627 iterator_t *iterator;
1628 child_sa_t *current;
1629 bool found = FALSE;
1630
1631 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1632 while (iterator->iterate(iterator, (void**)&current))
1633 {
1634 if (current->get_reqid(current) == reqid)
1635 {
1636 found = TRUE;
1637 break;
1638 }
1639 }
1640 iterator->destroy(iterator);
1641 return found;
1642 }
1643
1644 /**
1645 * Implementation of ike_sa_t.get_child_sa.
1646 */
1647 static child_sa_t* get_child_sa(private_ike_sa_t *this, protocol_id_t protocol,
1648 u_int32_t spi, bool inbound)
1649 {
1650 iterator_t *iterator;
1651 child_sa_t *current, *found = NULL;
1652
1653 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1654 while (iterator->iterate(iterator, (void**)&current))
1655 {;
1656 if (current->get_spi(current, inbound) == spi &&
1657 current->get_protocol(current) == protocol)
1658 {
1659 found = current;
1660 }
1661 }
1662 iterator->destroy(iterator);
1663 return found;
1664 }
1665
1666 /**
1667 * Implementation of ike_sa_t.create_child_sa_iterator.
1668 */
1669 static iterator_t* create_child_sa_iterator(private_ike_sa_t *this)
1670 {
1671 return this->child_sas->create_iterator(this->child_sas, TRUE);
1672 }
1673
1674 /**
1675 * Implementation of ike_sa_t.rekey_child_sa.
1676 */
1677 static status_t rekey_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
1678 {
1679 create_child_sa_t *rekey;
1680 child_sa_t *child_sa;
1681
1682 child_sa = get_child_sa(this, protocol, spi, TRUE);
1683 if (child_sa == NULL)
1684 {
1685 return NOT_FOUND;
1686 }
1687
1688 rekey = create_child_sa_create(&this->public);
1689 rekey->rekeys_child(rekey, child_sa);
1690 return queue_transaction(this, (transaction_t*)rekey, FALSE);
1691 }
1692
1693 /**
1694 * Implementation of ike_sa_t.delete_child_sa.
1695 */
1696 static status_t delete_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
1697 {
1698 delete_child_sa_t *del;
1699 child_sa_t *child_sa;
1700
1701 child_sa = get_child_sa(this, protocol, spi, TRUE);
1702 if (child_sa == NULL)
1703 {
1704 return NOT_FOUND;
1705 }
1706
1707 del = delete_child_sa_create(&this->public);
1708 del->set_child_sa(del, child_sa);
1709 return queue_transaction(this, (transaction_t*)del, FALSE);
1710 }
1711
1712 /**
1713 * Implementation of ike_sa_t.destroy_child_sa.
1714 */
1715 static status_t destroy_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
1716 {
1717 iterator_t *iterator;
1718 child_sa_t *child_sa;
1719 status_t status = NOT_FOUND;
1720
1721 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1722 while (iterator->iterate(iterator, (void**)&child_sa))
1723 {
1724 if (child_sa->get_protocol(child_sa) == protocol &&
1725 child_sa->get_spi(child_sa, TRUE) == spi)
1726 {
1727 child_sa->destroy(child_sa);
1728 iterator->remove(iterator);
1729 status = SUCCESS;
1730 break;
1731 }
1732 }
1733 iterator->destroy(iterator);
1734 return status;
1735 }
1736
1737 /**
1738 * Implementation of ike_sa_t.set_lifetimes.
1739 */
1740 static void set_lifetimes(private_ike_sa_t *this, bool reauth,
1741 u_int32_t soft_lifetime, u_int32_t hard_lifetime)
1742 {
1743 job_t *job;
1744
1745 if (soft_lifetime)
1746 {
1747 this->time.rekey = this->time.established + soft_lifetime;
1748 job = (job_t*)rekey_ike_sa_job_create(this->ike_sa_id, reauth);
1749 charon->event_queue->add_relative(charon->event_queue, job,
1750 soft_lifetime * 1000);
1751 }
1752
1753 if (hard_lifetime)
1754 {
1755 this->time.delete = this->time.established + hard_lifetime;
1756 job = (job_t*)delete_ike_sa_job_create(this->ike_sa_id, TRUE);
1757 charon->event_queue->add_relative(charon->event_queue, job,
1758 hard_lifetime * 1000);
1759 }
1760 }
1761
1762 /**
1763 * Implementation of public_ike_sa_t.delete.
1764 */
1765 static status_t delete_(private_ike_sa_t *this)
1766 {
1767 switch (this->state)
1768 {
1769 case IKE_CONNECTING:
1770 {
1771 /* this may happen if a half open IKE_SA gets closed after a
1772 * timeout. We signal here UP_FAILED to complete the SIG schema */
1773 SIG(IKE_UP_FAILED, "half open IKE_SA deleted after timeout");
1774 return DESTROY_ME;
1775 }
1776 case IKE_ESTABLISHED:
1777 {
1778 delete_ike_sa_t *delete_ike_sa;
1779 if (this->transaction_out)
1780 {
1781 /* already a transaction in progress. As this may hang
1782 * around a while, we don't inform the other peer. */
1783 return DESTROY_ME;
1784 }
1785 delete_ike_sa = delete_ike_sa_create(&this->public);
1786 return queue_transaction(this, (transaction_t*)delete_ike_sa, FALSE);
1787 }
1788 case IKE_CREATED:
1789 case IKE_DELETING:
1790 default:
1791 {
1792 SIG(IKE_DOWN_START, "closing IKE_SA");
1793 SIG(IKE_DOWN_SUCCESS, "IKE_SA closed between %H[%D]...%H[%D]",
1794 this->my_host, this->my_id, this->other_host, this->other_id);
1795 return DESTROY_ME;
1796 }
1797 }
1798 }
1799
1800 /**
1801 * Implementation of ike_sa_t.rekey.
1802 */
1803 static status_t rekey(private_ike_sa_t *this)
1804 {
1805 rekey_ike_sa_t *rekey_ike_sa;
1806
1807 DBG1(DBG_IKE, "rekeying IKE_SA between %H[%D]..%H[%D]",
1808 this->my_host, this->my_id, this->other_host, this->other_id);
1809
1810 if (this->state != IKE_ESTABLISHED)
1811 {
1812 SIG(IKE_REKEY_START, "rekeying IKE_SA");
1813 SIG(IKE_REKEY_FAILED, "unable to rekey IKE_SA in state %N",
1814 ike_sa_state_names, this->state);
1815 return FAILED;
1816 }
1817
1818 rekey_ike_sa = rekey_ike_sa_create(&this->public);
1819 return queue_transaction(this, (transaction_t*)rekey_ike_sa, FALSE);
1820 }
1821
1822 /**
1823 * Implementation of ike_sa_t.reauth.
1824 */
1825 static status_t reauth(private_ike_sa_t *this)
1826 {
1827 connection_t *connection;
1828 child_sa_t *child_sa;
1829 iterator_t *iterator;
1830
1831 DBG1(DBG_IKE, "reauthenticating IKE_SA between %H[%D]..%H[%D]",
1832 this->my_host, this->my_id, this->other_host, this->other_id);
1833
1834 /* get a connection to initiate */
1835 connection = charon->connections->get_connection_by_hosts(charon->connections,
1836 this->my_host, this->other_host);
1837 if (connection == NULL)
1838 {
1839 DBG1(DBG_IKE, "no connection found to reauthenticate");
1840 return FAILED;
1841 }
1842
1843 /* queue CREATE_CHILD_SA transactions to set up all CHILD_SAs */
1844 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1845 while (iterator->iterate(iterator, (void**)&child_sa))
1846 {
1847 job_t *job;
1848 policy_t *policy;
1849 linked_list_t *my_ts, *other_ts;
1850 host_t *other;
1851
1852 my_ts = child_sa->get_my_traffic_selectors(child_sa);
1853 other_ts = child_sa->get_other_traffic_selectors(child_sa);
1854 policy = charon->policies->get_policy(charon->policies,
1855 this->my_id, this->other_id, my_ts, other_ts,
1856 this->my_host, this->other_host, NULL);
1857 if (policy == NULL)
1858 {
1859 DBG1(DBG_IKE, "policy not found to recreate CHILD_SA, skipped");
1860 continue;
1861 }
1862 connection->get_ref(connection);
1863 other = this->other_host->clone(this->other_host);
1864 job = (job_t*)initiate_job_create(connection, other, policy);
1865 charon->job_queue->add(charon->job_queue, job);
1866 }
1867 iterator->destroy(iterator);
1868 connection->destroy(connection);
1869
1870 /* delete the old IKE_SA
1871 * TODO: we should delay the delete to avoid connectivity gaps?! */
1872 return delete_(this);
1873 }
1874
1875 /**
1876 * Implementation of ike_sa_t.get_rekeying_transaction.
1877 */
1878 static transaction_t* get_rekeying_transaction(private_ike_sa_t *this)
1879 {
1880 return this->rekeying_transaction;
1881 }
1882
1883 /**
1884 * Implementation of ike_sa_t.set_rekeying_transaction.
1885 */
1886 static void set_rekeying_transaction(private_ike_sa_t *this, transaction_t *rekey)
1887 {
1888 this->rekeying_transaction = rekey;
1889 }
1890
1891 /**
1892 * Implementation of ike_sa_t.adopt_children.
1893 */
1894 static void adopt_children(private_ike_sa_t *this, private_ike_sa_t *other)
1895 {
1896 child_sa_t *child_sa;
1897
1898 while (other->child_sas->remove_last(other->child_sas,
1899 (void**)&child_sa) == SUCCESS)
1900 {
1901 this->child_sas->insert_first(this->child_sas, (void*)child_sa);
1902 }
1903 }
1904
1905 /**
1906 * Implementation of ike_sa_t.get_next_message_id.
1907 */
1908 static u_int32_t get_next_message_id (private_ike_sa_t *this)
1909 {
1910 return this->message_id_out++;
1911 }
1912
1913 /**
1914 * Implementation of ike_sa_t.is_natt_enabled.
1915 */
1916 static bool is_natt_enabled(private_ike_sa_t *this)
1917 {
1918 return this->nat_here || this->nat_there;
1919 }
1920
1921 /**
1922 * Implementation of ike_sa_t.enable_natt.
1923 */
1924 static void enable_natt(private_ike_sa_t *this, bool local)
1925 {
1926 if (local)
1927 {
1928 DBG1(DBG_IKE, "local host is behind NAT, using NAT-T, "
1929 "scheduled keep alives");
1930 this->nat_here = TRUE;
1931 send_keepalive(this);
1932 }
1933 else
1934 {
1935 DBG1(DBG_IKE, "remote host is behind NAT, using NAT-T");
1936 this->nat_there = TRUE;
1937 }
1938 }
1939
1940 /**
1941 * output handler in printf()
1942 */
1943 static int print(FILE *stream, const struct printf_info *info,
1944 const void *const *args)
1945 {
1946 int written = 0;
1947 private_ike_sa_t *this = *((private_ike_sa_t**)(args[0]));
1948
1949 if (this == NULL)
1950 {
1951 return fprintf(stream, "(null)");
1952 }
1953
1954 written = fprintf(stream, "%12s: %N, %H[%D]...%H[%D]",
1955 this->name, ike_sa_state_names, this->state,
1956 this->my_host, this->my_id, this->other_host, this->other_id);
1957 written += fprintf(stream, "\n%12s: IKE SPIs: %J", this->name, this->ike_sa_id);
1958
1959 if (info->alt)
1960 {
1961
1962 }
1963 return written;
1964 }
1965
1966 /**
1967 * register printf() handlers
1968 */
1969 static void __attribute__ ((constructor))print_register()
1970 {
1971 register_printf_function(PRINTF_IKE_SA, print, arginfo_ptr);
1972 }
1973
1974 /**
1975 * Implementation of ike_sa_t.destroy.
1976 */
1977 static void destroy(private_ike_sa_t *this)
1978 {
1979 this->child_sas->destroy_offset(this->child_sas, offsetof(child_sa_t, destroy));
1980 this->transaction_queue->destroy_offset(this->transaction_queue, offsetof(transaction_t, destroy));
1981
1982 DESTROY_IF(this->transaction_in);
1983 DESTROY_IF(this->transaction_in_next);
1984 DESTROY_IF(this->transaction_out);
1985 DESTROY_IF(this->crypter_in);
1986 DESTROY_IF(this->crypter_out);
1987 DESTROY_IF(this->signer_in);
1988 DESTROY_IF(this->signer_out);
1989 DESTROY_IF(this->prf);
1990 DESTROY_IF(this->child_prf);
1991 DESTROY_IF(this->auth_verify);
1992 DESTROY_IF(this->auth_build);
1993
1994 DESTROY_IF(this->my_host);
1995 DESTROY_IF(this->other_host);
1996 DESTROY_IF(this->my_id);
1997 DESTROY_IF(this->other_id);
1998
1999 free(this->name);
2000 this->ike_sa_id->destroy(this->ike_sa_id);
2001 free(this);
2002 }
2003
2004 /*
2005 * Described in header.
2006 */
2007 ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
2008 {
2009 private_ike_sa_t *this = malloc_thing(private_ike_sa_t);
2010
2011 /* Public functions */
2012 this->public.get_state = (ike_sa_state_t(*)(ike_sa_t*)) get_state;
2013 this->public.set_state = (void(*)(ike_sa_t*,ike_sa_state_t)) set_state;
2014 this->public.get_name = (char*(*)(ike_sa_t*))get_name;
2015 this->public.set_name = (void(*)(ike_sa_t*,char*))set_name;
2016 this->public.process_message = (status_t(*)(ike_sa_t*, message_t*)) process_message;
2017 this->public.initiate = (status_t(*)(ike_sa_t*,connection_t*,policy_t*)) initiate;
2018 this->public.route = (status_t(*)(ike_sa_t*,connection_t*,policy_t*)) route;
2019 this->public.unroute = (status_t(*)(ike_sa_t*,policy_t*)) unroute;
2020 this->public.acquire = (status_t(*)(ike_sa_t*,u_int32_t)) acquire;
2021 this->public.get_id = (ike_sa_id_t*(*)(ike_sa_t*)) get_id;
2022 this->public.get_my_host = (host_t*(*)(ike_sa_t*)) get_my_host;
2023 this->public.set_my_host = (void(*)(ike_sa_t*,host_t*)) set_my_host;
2024 this->public.get_other_host = (host_t*(*)(ike_sa_t*)) get_other_host;
2025 this->public.set_other_host = (void(*)(ike_sa_t*,host_t*)) set_other_host;
2026 this->public.get_my_id = (identification_t*(*)(ike_sa_t*)) get_my_id;
2027 this->public.set_my_id = (void(*)(ike_sa_t*,identification_t*)) set_my_id;
2028 this->public.get_other_id = (identification_t*(*)(ike_sa_t*)) get_other_id;
2029 this->public.set_other_id = (void(*)(ike_sa_t*,identification_t*)) set_other_id;
2030 this->public.get_next_message_id = (u_int32_t(*)(ike_sa_t*)) get_next_message_id;
2031 this->public.retransmit_request = (status_t (*) (ike_sa_t *, u_int32_t)) retransmit_request;
2032 this->public.delete = (status_t(*)(ike_sa_t*))delete_;
2033 this->public.destroy = (void(*)(ike_sa_t*))destroy;
2034 this->public.send_dpd = (status_t (*)(ike_sa_t*)) send_dpd;
2035 this->public.send_keepalive = (void (*)(ike_sa_t*)) send_keepalive;
2036 this->public.get_prf = (prf_t *(*) (ike_sa_t *)) get_prf;
2037 this->public.get_child_prf = (prf_t *(*) (ike_sa_t *)) get_child_prf;
2038 this->public.get_auth_verify = (prf_t *(*) (ike_sa_t *)) get_auth_verify;
2039 this->public.get_auth_build = (prf_t *(*) (ike_sa_t *)) get_auth_build;
2040 this->public.derive_keys = (status_t (*) (ike_sa_t *,proposal_t*,diffie_hellman_t*,chunk_t,chunk_t,bool,prf_t*,prf_t*)) derive_keys;
2041 this->public.add_child_sa = (void (*) (ike_sa_t*,child_sa_t*)) add_child_sa;
2042 this->public.has_child_sa = (bool(*)(ike_sa_t*,u_int32_t)) has_child_sa;
2043 this->public.get_child_sa = (child_sa_t* (*)(ike_sa_t*,protocol_id_t,u_int32_t,bool)) get_child_sa;
2044 this->public.create_child_sa_iterator = (iterator_t* (*)(ike_sa_t*)) create_child_sa_iterator;
2045 this->public.rekey_child_sa = (status_t(*)(ike_sa_t*,protocol_id_t,u_int32_t)) rekey_child_sa;
2046 this->public.delete_child_sa = (status_t(*)(ike_sa_t*,protocol_id_t,u_int32_t)) delete_child_sa;
2047 this->public.destroy_child_sa = (status_t (*)(ike_sa_t*,protocol_id_t,u_int32_t))destroy_child_sa;
2048 this->public.enable_natt = (void(*)(ike_sa_t*, bool)) enable_natt;
2049 this->public.is_natt_enabled = (bool(*)(ike_sa_t*)) is_natt_enabled;
2050 this->public.set_lifetimes = (void(*)(ike_sa_t*,bool,u_int32_t,u_int32_t))set_lifetimes;
2051 this->public.apply_connection = (void(*)(ike_sa_t*,connection_t*))apply_connection;
2052 this->public.rekey = (status_t(*)(ike_sa_t*))rekey;
2053 this->public.reauth = (status_t(*)(ike_sa_t*))reauth;
2054 this->public.get_rekeying_transaction = (transaction_t*(*)(ike_sa_t*))get_rekeying_transaction;
2055 this->public.set_rekeying_transaction = (void(*)(ike_sa_t*,transaction_t*))set_rekeying_transaction;
2056 this->public.adopt_children = (void(*)(ike_sa_t*,ike_sa_t*))adopt_children;
2057
2058 /* initialize private fields */
2059 this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
2060 this->name = strdup("(uninitialized)");
2061 this->child_sas = linked_list_create();
2062 this->my_host = host_create_from_string("0.0.0.0", 0);
2063 this->other_host = host_create_from_string("0.0.0.0", 0);
2064 this->my_id = identification_create_from_encoding(ID_ANY, chunk_empty);
2065 this->other_id = identification_create_from_encoding(ID_ANY, chunk_empty);
2066 this->crypter_in = NULL;
2067 this->crypter_out = NULL;
2068 this->signer_in = NULL;
2069 this->signer_out = NULL;
2070 this->prf = NULL;
2071 this->auth_verify = NULL;
2072 this->auth_build = NULL;
2073 this->child_prf = NULL;
2074 this->nat_here = FALSE;
2075 this->nat_there = FALSE;
2076 this->transaction_queue = linked_list_create();
2077 this->transaction_in = NULL;
2078 this->transaction_in_next = NULL;
2079 this->transaction_out = NULL;
2080 this->rekeying_transaction = NULL;
2081 this->state = IKE_CREATED;
2082 this->message_id_out = 0;
2083 /* set to NOW, as when we rekey an existing IKE_SA no message is exchanged
2084 * and inbound therefore uninitialized */
2085 this->time.inbound = this->time.outbound = time(NULL);
2086 this->time.established = 0;
2087 this->time.rekey = 0;
2088 this->time.delete = 0;
2089 this->dpd_delay = 0;
2090 this->retrans_sequences = 0;
2091
2092 return &this->public;
2093 }