6488cc20ca08933ccaed1d6bdf3128c9cb6400e2
[strongswan.git] / src / charon / sa / ike_sa.c
1 /**
2 * @file ike_sa.c
3 *
4 * @brief Implementation of ike_sa_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
10 * Copyright (C) 2005-2006 Martin Willi
11 * Copyright (C) 2005 Jan Hutter
12 * Hochschule fuer Technik Rapperswil
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 */
24
25 #include <sys/time.h>
26 #include <string.h>
27
28 #include "ike_sa.h"
29
30 #include <types.h>
31 #include <daemon.h>
32 #include <definitions.h>
33 #include <utils/linked_list.h>
34 #include <utils/logger_manager.h>
35 #include <crypto/diffie_hellman.h>
36 #include <crypto/prf_plus.h>
37 #include <crypto/crypters/crypter.h>
38 #include <crypto/hashers/hasher.h>
39 #include <encoding/payloads/sa_payload.h>
40 #include <encoding/payloads/nonce_payload.h>
41 #include <encoding/payloads/ke_payload.h>
42 #include <encoding/payloads/delete_payload.h>
43 #include <encoding/payloads/transform_substructure.h>
44 #include <encoding/payloads/transform_attribute.h>
45 #include <encoding/payloads/ts_payload.h>
46 #include <sa/transactions/transaction.h>
47 #include <sa/transactions/ike_sa_init.h>
48 #include <sa/transactions/delete_ike_sa.h>
49 #include <sa/transactions/create_child_sa.h>
50 #include <sa/transactions/delete_child_sa.h>
51 #include <sa/transactions/dead_peer_detection.h>
52 #include <sa/transactions/rekey_ike_sa.h>
53 #include <queues/jobs/retransmit_request_job.h>
54 #include <queues/jobs/delete_ike_sa_job.h>
55 #include <queues/jobs/send_dpd_job.h>
56 #include <queues/jobs/send_keepalive_job.h>
57 #include <queues/jobs/rekey_ike_sa_job.h>
58
59 /**
60 * String mappings for ike_sa_state_t.
61 */
62 mapping_t ike_sa_state_m[] = {
63 {IKE_CREATED, "CREATED"},
64 {IKE_CONNECTING, "CONNECTING"},
65 {IKE_ESTABLISHED, "ESTABLISHED"},
66 {IKE_REKEYING, "REKEYING"},
67 {IKE_DELETING, "DELETING"},
68 {MAPPING_END, NULL}
69 };
70
71
72 typedef struct private_ike_sa_t private_ike_sa_t;
73
74 /**
75 * Private data of an ike_sa_t object.
76 */
77 struct private_ike_sa_t {
78
79 /**
80 * Public members
81 */
82 ike_sa_t public;
83
84 /**
85 * Identifier for the current IKE_SA.
86 */
87 ike_sa_id_t *ike_sa_id;
88
89 /**
90 * Current state of the IKE_SA
91 */
92 ike_sa_state_t state;
93
94 /**
95 * Name of the connection used by this IKE_SA
96 */
97 char *name;
98
99 /**
100 * Address of local host
101 */
102 host_t *my_host;
103
104 /**
105 * Address of remote host
106 */
107 host_t *other_host;
108
109 /**
110 * Identification used for us
111 */
112 identification_t *my_id;
113
114 /**
115 * Identification used for other
116 */
117 identification_t *other_id;
118
119 /**
120 * Linked List containing the child sa's of the current IKE_SA.
121 */
122 linked_list_t *child_sas;
123
124 /**
125 * crypter for inbound traffic
126 */
127 crypter_t *crypter_in;
128
129 /**
130 * crypter for outbound traffic
131 */
132 crypter_t *crypter_out;
133
134 /**
135 * Signer for inbound traffic
136 */
137 signer_t *signer_in;
138
139 /**
140 * Signer for outbound traffic
141 */
142 signer_t *signer_out;
143
144 /**
145 * Multi purpose prf, set key, use it, forget it
146 */
147 prf_t *prf;
148
149 /**
150 * Prf function for derivating keymat child SAs
151 */
152 prf_t *child_prf;
153
154 /**
155 * PRF, with key set to pi_key, used for authentication
156 */
157 prf_t *prf_auth_i;
158
159 /**
160 * PRF, with key set to pr_key, used for authentication
161 */
162 prf_t *prf_auth_r;
163
164 /**
165 * A logger for this IKE_SA.
166 */
167 logger_t *logger;
168
169 /**
170 * NAT hasher.
171 */
172 hasher_t *nat_hasher;
173
174 /**
175 * NAT status of local host.
176 */
177 bool nat_here;
178
179 /**
180 * NAT status of remote host.
181 */
182 bool nat_there;
183
184 /**
185 * message ID for next outgoung request
186 */
187 u_int32_t message_id_out;
188
189 /**
190 * Timestamps for this IKE_SA
191 */
192 struct {
193 /** last IKE message received */
194 u_int32_t inbound;
195 /** last IKE message sent */
196 u_int32_t outbound;
197 /** when IKE_SA became established */
198 u_int32_t established;
199 /** when IKE_SA gets rekeyed */
200 u_int32_t rekey;
201 /** when IKE_SA gets deleted */
202 u_int32_t delete;
203 } time;
204
205 /**
206 * interval to send DPD liveness check
207 */
208 time_t dpd_delay;
209
210 /**
211 * number of retransmit sequences to go through before giving up (keyingtries)
212 */
213 u_int32_t retrans_sequences;
214
215 /**
216 * List of queued transactions to process
217 */
218 linked_list_t *transaction_queue;
219
220 /**
221 * Transaction currently initiated
222 * (only one supported yet, window size = 1)
223 */
224 transaction_t *transaction_out;
225
226 /**
227 * last transaction initiated by peer processed.
228 * (only one supported yet, window size = 1)
229 * Stored for retransmission.
230 */
231 transaction_t *transaction_in;
232
233 /**
234 * Next incoming transaction expected. Used to
235 * do multi transaction operations.
236 */
237 transaction_t *transaction_in_next;
238
239 /**
240 * Transaction which rekeys this IKE_SA, used do detect simultaneus rekeying
241 */
242 rekey_ike_sa_t *rekeying_transaction;
243 };
244
245 /**
246 * get the time of the latest traffic processed by the kernel
247 */
248 static time_t get_kernel_time(private_ike_sa_t* this, bool inbound)
249 {
250 iterator_t *iterator;
251 child_sa_t *child_sa;
252 time_t latest = 0, use_time;
253
254 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
255 while (iterator->iterate(iterator, (void**)&child_sa))
256 {
257 if (child_sa->get_use_time(child_sa, inbound, &use_time) == SUCCESS)
258 {
259 latest = max(latest, use_time);
260 }
261 }
262 iterator->destroy(iterator);
263
264 return latest;
265 }
266
267 /**
268 * get the time of the latest received traffice
269 */
270 static time_t get_time_inbound(private_ike_sa_t *this)
271 {
272 return max(this->time.inbound, get_kernel_time(this, TRUE));
273 }
274
275 /**
276 * get the time of the latest sent traffic
277 */
278 static time_t get_time_outbound(private_ike_sa_t *this)
279 {
280 return max(this->time.outbound, get_kernel_time(this, FALSE));
281 }
282
283 /**
284 * Implementation of ike_sa_t.get_name.
285 */
286 static char *get_name(private_ike_sa_t *this)
287 {
288 return this->name;
289 }
290
291 /**
292 * Implementation of ike_sa_t.set_name.
293 */
294 static void set_name(private_ike_sa_t *this, char* name)
295 {
296 free(this->name);
297 this->name = strdup(name);
298 }
299
300 /**
301 * Implementation of ike_sa_t.get_my_host.
302 */
303 static host_t *get_my_host(private_ike_sa_t *this)
304 {
305 return this->my_host;
306 }
307
308 /**
309 * Implementation of ike_sa_t.set_my_host.
310 */
311 static void set_my_host(private_ike_sa_t *this, host_t *me)
312 {
313 DESTROY_IF(this->my_host);
314 this->my_host = me;
315 }
316
317 /**
318 * Implementation of ike_sa_t.get_other_host.
319 */
320 static host_t *get_other_host(private_ike_sa_t *this)
321 {
322 return this->other_host;
323 }
324
325 /**
326 * Implementation of ike_sa_t.set_other_host.
327 */
328 static void set_other_host(private_ike_sa_t *this, host_t *other)
329 {
330 DESTROY_IF(this->other_host);
331 this->other_host = other;
332 }
333
334 /**
335 * Update connection host, as addresses may change (NAT)
336 */
337 static void update_hosts(private_ike_sa_t *this, host_t *me, host_t *other)
338 {
339 /*
340 * Quoting RFC 4306:
341 *
342 * 2.11. Address and Port Agility
343 *
344 * IKE runs over UDP ports 500 and 4500, and implicitly sets up ESP and
345 * AH associations for the same IP addresses it runs over. The IP
346 * addresses and ports in the outer header are, however, not themselves
347 * cryptographically protected, and IKE is designed to work even through
348 * Network Address Translation (NAT) boxes. An implementation MUST
349 * accept incoming requests even if the source port is not 500 or 4500,
350 * and MUST respond to the address and port from which the request was
351 * received. It MUST specify the address and port at which the request
352 * was received as the source address and port in the response. IKE
353 * functions identically over IPv4 or IPv6.
354 *
355 * [...]
356 *
357 * There are cases where a NAT box decides to remove mappings that
358 * are still alive (for example, the keepalive interval is too long,
359 * or the NAT box is rebooted). To recover in these cases, hosts
360 * that are not behind a NAT SHOULD send all packets (including
361 * retransmission packets) to the IP address and port from the last
362 * valid authenticated packet from the other end (i.e., dynamically
363 * update the address). A host behind a NAT SHOULD NOT do this
364 * because it opens a DoS attack possibility. Any authenticated IKE
365 * packet or any authenticated UDP-encapsulated ESP packet can be
366 * used to detect that the IP address or the port has changed.
367 */
368 iterator_t *iterator = NULL;
369 child_sa_t *child_sa = NULL;
370 host_diff_t my_diff, other_diff;
371
372 if (this->my_host->is_anyaddr(this->my_host) ||
373 this->other_host->is_anyaddr(this->other_host))
374 {
375 /* on first received message */
376 this->my_host->destroy(this->my_host);
377 this->my_host = me->clone(me);
378 this->other_host->destroy(this->other_host);
379 this->other_host = other->clone(other);
380 return;
381 }
382
383 my_diff = me->get_differences(me, this->my_host);
384 other_diff = other->get_differences(other, this->other_host);
385
386 if (!my_diff && !other_diff)
387 {
388 return;
389 }
390
391 if (my_diff)
392 {
393 this->my_host->destroy(this->my_host);
394 this->my_host = me->clone(me);
395 }
396
397 if (!this->nat_here)
398 {
399 /* update without restrictions if we are not NATted */
400 if (other_diff)
401 {
402 this->other_host->destroy(this->other_host);
403 this->other_host = other->clone(other);
404 }
405 }
406 else
407 {
408 /* if we are natted, only port may change */
409 if (other_diff & HOST_DIFF_ADDR)
410 {
411 return;
412 }
413 else if (other_diff & HOST_DIFF_PORT)
414 {
415 this->other_host->set_port(this->other_host, other->get_port(other));
416 }
417 }
418 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
419 while (iterator->iterate(iterator, (void**)&child_sa))
420 {
421 child_sa->update_hosts(child_sa, this->my_host, this->other_host,
422 my_diff, other_diff);
423 /* TODO: what to do if update fails? Delete CHILD_SA? */
424 }
425 iterator->destroy(iterator);
426 }
427
428 /**
429 * send a request and schedule retransmission
430 */
431 static status_t transmit_request(private_ike_sa_t *this)
432 {
433 message_t *request;
434 packet_t *packet;
435 status_t status;
436 retransmit_request_job_t *job;
437 u_int32_t transmitted;
438 u_int32_t timeout;
439 transaction_t *transaction = this->transaction_out;
440 u_int32_t message_id;
441
442
443 this->logger->log(this->logger, CONTROL,
444 "transmitting request");
445
446 transmitted = transaction->requested(transaction);
447 timeout = charon->configuration->get_retransmit_timeout(charon->configuration,
448 transmitted,
449 this->retrans_sequences);
450 if (timeout == 0)
451 {
452 /* giving up. TODO: check for childrens with dpdaction=hold */
453 this->logger->log(this->logger, ERROR,
454 "giving up after %d retransmits, deleting IKE_SA",
455 transmitted - 1);
456 return DESTROY_ME;
457 }
458
459 status = transaction->get_request(transaction, &request);
460 if (status != SUCCESS)
461 {
462 this->logger->log(this->logger, ERROR,
463 "generating request failed");
464 return status;
465 }
466 message_id = transaction->get_message_id(transaction);
467 /* if we retransmit, the request is already generated */
468 if (transmitted == 0)
469 {
470 status = request->generate(request, this->crypter_out, this->signer_out, &packet);
471 if (status != SUCCESS)
472 {
473 this->logger->log(this->logger, ERROR,
474 "request generation failed. transaction discarded");
475 return FAILED;
476 }
477 }
478 else
479 {
480 this->logger->log(this->logger, CONTROL,
481 "sending retransmit %d for %s request with message ID %d",
482 transmitted,
483 mapping_find(exchange_type_m, request->get_exchange_type(request)),
484 message_id);
485 packet = request->get_packet(request);
486 }
487 /* finally send */
488 charon->send_queue->add(charon->send_queue, packet);
489 this->time.outbound = time(NULL);
490
491 /* schedule retransmission job */
492 job = retransmit_request_job_create(message_id, this->ike_sa_id);
493 charon->event_queue->add_relative(charon->event_queue, (job_t*)job, timeout);
494 return SUCCESS;
495 }
496
497 /**
498 * Implementation of ike_sa.retransmit_request.
499 */
500 static status_t retransmit_request(private_ike_sa_t *this, u_int32_t message_id)
501 {
502 if (this->transaction_out == NULL ||
503 this->transaction_out->get_message_id(this->transaction_out) != message_id)
504 {
505 if (this->transaction_out)
506 printf("trans_out->mid = %d, mid = %d\n", this->transaction_out->get_message_id(this->transaction_out), message_id);
507 /* no retransmit necessary, transaction did already complete */
508 return SUCCESS;
509 }
510 return transmit_request(this);
511 }
512
513 /**
514 * Check for transactions in the queue and initiate the first transaction found.
515 */
516 static status_t process_transaction_queue(private_ike_sa_t *this)
517 {
518 if (this->transaction_out)
519 {
520 /* already a transaction in progress */
521 return SUCCESS;
522 }
523
524 while (TRUE)
525 {
526 if (this->transaction_queue->remove_first(this->transaction_queue,
527 (void**)&this->transaction_out) != SUCCESS)
528 {
529 /* transaction queue empty */
530 return SUCCESS;
531 }
532 switch (transmit_request(this))
533 {
534 case SUCCESS:
535 return SUCCESS;
536 case DESTROY_ME:
537 /* critical, IKE_SA unusable, destroy immediately */
538 this->logger->log(this->logger, ERROR,
539 "transaction initiaton failed, deleting IKE_SA");
540 return DESTROY_ME;
541 default:
542 /* discard transaction, process next one */
543 this->logger->log(this->logger, ERROR,
544 "transaction initiation failed, discarded");
545 this->transaction_out->destroy(this->transaction_out);
546 this->transaction_out = NULL;
547 /* handle next transaction */
548 continue;
549 }
550 }
551 }
552
553 /**
554 * Queue a new transaction and execute the next outstanding transaction
555 */
556 static status_t queue_transaction(private_ike_sa_t *this, transaction_t *transaction, bool prefer)
557 {
558 /* inject next transaction */
559 if (transaction)
560 {
561 if (prefer)
562 {
563 this->transaction_queue->insert_first(this->transaction_queue, transaction);
564 }
565 else
566 {
567 this->transaction_queue->insert_last(this->transaction_queue, transaction);
568 }
569 }
570 /* process a transaction */
571 return process_transaction_queue(this);
572 }
573
574 /**
575 * process an incoming request.
576 */
577 static status_t process_request(private_ike_sa_t *this, message_t *request)
578 {
579 transaction_t *last, *current = NULL;
580 message_t *response;
581 packet_t *packet;
582 u_int32_t request_mid;
583 status_t status;
584
585 request_mid = request->get_message_id(request);
586 last = this->transaction_in;
587
588 /* check if message ID is correct */
589 if (last)
590 {
591 u_int32_t last_mid = last->get_message_id(last);
592
593 if (last_mid == request_mid)
594 {
595 /* retransmit detected */
596 this->logger->log(this->logger, ERROR,
597 "received retransmitted request for message ID %d, retransmitting response",
598 request_mid);
599 last->get_response(last, request, &response, &this->transaction_in_next);
600 packet = response->get_packet(response);
601 charon->send_queue->add(charon->send_queue, packet);
602 this->time.outbound = time(NULL);
603 return SUCCESS;
604 }
605
606 if (last_mid > request_mid)
607 {
608 /* something seriously wrong here, message id may not decrease */
609 this->logger->log(this->logger, ERROR,
610 "received request with message ID %d, excepted %d, ingored",
611 request_mid, last_mid + 1);
612 return FAILED;
613 }
614 /* we allow jumps in message IDs, as long as they are incremental */
615 if (last_mid + 1 < request_mid)
616 {
617 this->logger->log(this->logger, ERROR,
618 "received request with message ID %d, excepted %d",
619 request_mid, last_mid + 1);
620 }
621 }
622 else
623 {
624 if (request_mid != 0)
625 {
626 /* warn, but allow it */
627 this->logger->log(this->logger, CONTROL,
628 "first received request has message ID %d, excepted 0",
629 request_mid);
630 }
631 }
632
633 /* check if we already have a pre-created transaction for this request */
634 if (this->transaction_in_next)
635 {
636 current = this->transaction_in_next;
637 this->transaction_in_next = NULL;
638 }
639 else
640 {
641 current = transaction_create(&this->public, request);
642 if (current == NULL)
643 {
644 this->logger->log(this->logger, ERROR,
645 "no idea how to handle received message (%d), ignored",
646 request->get_exchange_type(request));
647 return FAILED;
648 }
649 }
650
651 /* send message. get_request() always gives a valid response */
652 status = current->get_response(current, request, &response, &this->transaction_in_next);
653 if (response->generate(response, this->crypter_out, this->signer_out, &packet) != SUCCESS)
654 {
655 this->logger->log(this->logger, ERROR,
656 "response generation failed, discarding transaction");
657 current->destroy(current);
658 return FAILED;
659 }
660
661 charon->send_queue->add(charon->send_queue, packet);
662 this->time.outbound = time(NULL);
663 /* act depending on transaction result */
664 switch (status)
665 {
666 case DESTROY_ME:
667 /* transactions says we should destroy the IKE_SA, so do it */
668 current->destroy(current);
669 return DESTROY_ME;
670 default:
671 /* store for retransmission, destroy old transaction */
672 this->transaction_in = current;
673 if (last)
674 {
675 last->destroy(last);
676 }
677 return SUCCESS;
678 }
679 }
680
681 /**
682 * process an incoming response
683 */
684 static status_t process_response(private_ike_sa_t *this, message_t *response)
685 {
686 transaction_t *current, *new = NULL;
687
688 current = this->transaction_out;
689 /* check if message ID is that of our currently active transaction */
690 if (current == NULL ||
691 current->get_message_id(current) != response->get_message_id(response))
692 {
693 this->logger->log(this->logger, ERROR,
694 "received response with message ID %d not requested, ignored");
695 return FAILED;
696 }
697
698 switch (current->conclude(current, response, &new))
699 {
700 case DESTROY_ME:
701 /* state requested to destroy IKE_SA */
702 return DESTROY_ME;
703 default:
704 /* discard transaction, process next one */
705 break;
706 }
707 /* transaction comleted, remove */
708 current->destroy(current);
709 this->transaction_out = NULL;
710
711 /* queue new transaction */
712 return queue_transaction(this, new, TRUE);
713 }
714
715 /**
716 * send a notify back to the sender
717 */
718 static void send_notify_response(private_ike_sa_t *this,
719 message_t *request,
720 notify_type_t type)
721 {
722 notify_payload_t *notify;
723 message_t *response;
724 host_t *src, *dst;
725 packet_t *packet;
726
727 response = message_create();
728 dst = request->get_source(request);
729 src = request->get_destination(request);
730 response->set_source(response, src->clone(src));
731 response->set_destination(response, dst->clone(dst));
732 response->set_exchange_type(response, request->get_exchange_type(request));
733 response->set_request(response, FALSE);
734 response->set_message_id(response, request->get_message_id(request));
735 response->set_ike_sa_id(response, this->ike_sa_id);
736 notify = notify_payload_create_from_protocol_and_type(PROTO_NONE, type);
737 response->add_payload(response, (payload_t *)notify);
738 if (response->generate(response, this->crypter_out, this->signer_out, &packet) != SUCCESS)
739 {
740 response->destroy(response);
741 return;
742 }
743 charon->send_queue->add(charon->send_queue, packet);
744 this->time.outbound = time(NULL);
745 response->destroy(response);
746 return;
747 }
748
749
750 /**
751 * Implementation of ike_sa_t.process_message.
752 */
753 static status_t process_message(private_ike_sa_t *this, message_t *message)
754 {
755 status_t status;
756 bool is_request;
757
758 is_request = message->get_request(message);
759
760 status = message->parse_body(message, this->crypter_in, this->signer_in);
761 if (status != SUCCESS)
762 {
763 if (is_request)
764 {
765 switch (status)
766 {
767 case NOT_SUPPORTED:
768 this->logger->log(this->logger, ERROR,
769 "ciritcal unknown payloads found");
770 if (is_request)
771 {
772 send_notify_response(this, message, UNSUPPORTED_CRITICAL_PAYLOAD);
773 }
774 break;
775 case PARSE_ERROR:
776 this->logger->log(this->logger, ERROR,
777 "message parsing failed");
778 if (is_request)
779 {
780 send_notify_response(this, message, INVALID_SYNTAX);
781 }
782 break;
783 case VERIFY_ERROR:
784 this->logger->log(this->logger, ERROR,
785 "message verification failed");
786 if (is_request)
787 {
788 send_notify_response(this, message, INVALID_SYNTAX);
789 }
790 break;
791 case FAILED:
792 this->logger->log(this->logger, ERROR,
793 "integrity check failed");
794 /* ignored */
795 break;
796 case INVALID_STATE:
797 this->logger->log(this->logger, ERROR,
798 "found encrypted message, but no keys available");
799 if (is_request)
800 {
801 send_notify_response(this, message, INVALID_SYNTAX);
802 }
803 default:
804 break;
805 }
806 }
807 this->logger->log(this->logger, ERROR,
808 "%s %s with message ID %d processing failed",
809 mapping_find(exchange_type_m, message->get_exchange_type(message)),
810 message->get_request(message) ? "request" : "response",
811 message->get_message_id(message));
812 }
813 else
814 {
815 /* check if message is trustworthy, and update connection information */
816 if (this->state == IKE_CREATED ||
817 message->get_exchange_type(message) != IKE_SA_INIT)
818 {
819 update_hosts(this, message->get_destination(message),
820 message->get_source(message));
821 this->time.inbound = time(NULL);
822 }
823 if (is_request)
824 {
825 status = process_request(this, message);
826 }
827 else
828 {
829 status = process_response(this, message);
830 }
831 }
832 return status;
833 }
834
835 /**
836 * Implementation of ike_sa_t.initiate.
837 */
838 static status_t initiate(private_ike_sa_t *this,
839 connection_t *connection, policy_t *policy)
840 {
841 switch (this->state)
842 {
843 case IKE_CREATED:
844 {
845 /* in state CREATED, we must do the ike_sa_init
846 * and ike_auth transactions. Along with these,
847 * a CHILD_SA with the supplied policy is set up.
848 */
849 ike_sa_init_t *ike_sa_init;
850
851 this->logger->log(this->logger, CONTROL,
852 "initiating IKE_SA");
853
854 set_name(this, connection->get_name(connection));
855 DESTROY_IF(this->my_host);
856 this->my_host = connection->get_my_host(connection);
857 this->my_host = this->my_host->clone(this->my_host);
858 DESTROY_IF(this->other_host);
859 this->other_host = connection->get_other_host(connection);
860 this->other_host = this->other_host->clone(this->other_host);
861 this->retrans_sequences = connection->get_retrans_seq(connection);
862 this->dpd_delay = connection->get_dpd_delay(connection);
863
864 this->message_id_out = 1;
865 ike_sa_init = ike_sa_init_create(&this->public);
866 ike_sa_init->set_config(ike_sa_init, connection, policy);
867 return queue_transaction(this, (transaction_t*)ike_sa_init, TRUE);
868 }
869 case IKE_DELETING:
870 case IKE_REKEYING:
871 {
872 /* if we are in DELETING/REKEYING, we deny set up of a policy. */
873 this->logger->log(this->logger, CONTROL,
874 "creating CHILD_SA discarded, as IKE_SA is in state %s",
875 mapping_find(ike_sa_state_m, this->state));
876 policy->destroy(policy);
877 connection->destroy(connection);
878 return FAILED;
879 }
880 case IKE_CONNECTING:
881 case IKE_ESTABLISHED:
882 {
883 /* if we are ESTABLISHED or CONNECTING,we queue the
884 * transaction to create the CHILD_SA. It gets processed
885 * when the IKE_SA is ready to do so. We don't need the
886 * connection, as the IKE_SA is already established/establishing.
887 */
888 create_child_sa_t *create_child;
889
890 this->logger->log(this->logger, CONTROL,
891 "initiating CHILD_SA");
892
893 connection->destroy(connection);
894 create_child = create_child_sa_create(&this->public);
895 create_child->set_policy(create_child, policy);
896 return queue_transaction(this, (transaction_t*)create_child, FALSE);
897 }
898 }
899 return FAILED;
900 }
901
902 /**
903 * Implementation of ike_sa_t.acquire.
904 */
905 static status_t acquire(private_ike_sa_t *this, u_int32_t reqid)
906 {
907 connection_t *connection;
908 policy_t *policy;
909 iterator_t *iterator;
910 child_sa_t *current, *child_sa = NULL;
911 linked_list_t *my_ts, *other_ts;
912
913 if (this->state == IKE_DELETING)
914 {
915 this->logger->log(this->logger, CONTROL,
916 "acquiring CHILD_SA with reqid %d discarded, as IKE_SA is deleting",
917 reqid);
918 return FAILED;
919 }
920
921
922 /* find CHILD_SA */
923 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
924 while (iterator->iterate(iterator, (void**)&current))
925 {
926 if (current->get_reqid(current) == reqid)
927 {
928 iterator->remove(iterator);
929 child_sa = current;
930 break;
931 }
932 }
933 iterator->destroy(iterator);
934 if (!child_sa)
935 {
936 this->logger->log(this->logger, ERROR,
937 "CHILD_SA with reqid %d not found, unable to acquire",
938 reqid);
939 return FAILED;
940 }
941 my_ts = child_sa->get_my_traffic_selectors(child_sa);
942 other_ts = child_sa->get_other_traffic_selectors(child_sa);
943
944 policy = charon->policies->get_policy(charon->policies,
945 this->my_id, this->other_id,
946 my_ts, other_ts,
947 this->my_host, this->other_host);
948 child_sa->destroy(child_sa);
949 if (policy == NULL)
950 {
951 this->logger->log(this->logger, ERROR,
952 "no policy found to acquire CHILD_SA with reqid %d",
953 reqid);
954 return FAILED;
955 }
956
957 switch (this->state)
958 {
959 case IKE_CREATED:
960 {
961 ike_sa_init_t *ike_sa_init;
962
963 this->logger->log(this->logger, CONTROL,
964 "acquiring CHILD_SA with reqid %d, IKE_SA setup needed",
965 reqid);
966
967 connection = charon->connections->get_connection_by_hosts(
968 charon->connections, this->my_host, this->other_host);
969
970 if (connection == NULL)
971 {
972 this->logger->log(this->logger, ERROR,
973 "no connection found to acquire IKE_SA for CHILD_SA with reqid %d",
974 reqid);
975 policy->destroy(policy);
976 return FAILED;
977 }
978
979 this->message_id_out = 1;
980 ike_sa_init = ike_sa_init_create(&this->public);
981 ike_sa_init->set_config(ike_sa_init, connection, policy);
982 /* reuse existing reqid */
983 ike_sa_init->set_reqid(ike_sa_init, reqid);
984 return queue_transaction(this, (transaction_t*)ike_sa_init, TRUE);
985 }
986 case IKE_CONNECTING:
987 case IKE_ESTABLISHED:
988 {
989 create_child_sa_t *create_child;
990
991 this->logger->log(this->logger, CONTROL,
992 "acquiring CHILD_SA with reqid %d",
993 reqid);
994
995 create_child = create_child_sa_create(&this->public);
996 create_child->set_policy(create_child, policy);
997 /* reuse existing reqid */
998 create_child->set_reqid(create_child, reqid);
999 return queue_transaction(this, (transaction_t*)create_child, FALSE);
1000 }
1001 default:
1002 break;
1003 }
1004 return FAILED;
1005 }
1006
1007 /**
1008 * destroy a list of traffic selectors
1009 */
1010 static void ts_list_destroy(linked_list_t *list)
1011 {
1012 traffic_selector_t *ts;
1013 while (list->remove_last(list, (void**)&ts) == SUCCESS)
1014 {
1015 ts->destroy(ts);
1016 }
1017 list->destroy(list);
1018 }
1019
1020 /**
1021 * compare two lists of traffic selectors for equality
1022 */
1023 static bool ts_list_equals(linked_list_t *l1, linked_list_t *l2)
1024 {
1025 bool equals = TRUE;
1026 iterator_t *i1, *i2;
1027 traffic_selector_t *t1, *t2;
1028
1029 i1 = l1->create_iterator(l1, TRUE);
1030 i2 = l2->create_iterator(l2, TRUE);
1031 while (i1->iterate(i1, (void**)&t1) && i2->iterate(i2, (void**)&t2))
1032 {
1033 if (!t1->equals(t1, t2))
1034 {
1035 equals = FALSE;
1036 break;
1037 }
1038 }
1039 /* check if one iterator is not at the end */
1040 if (i1->has_next(i1) || i2->has_next(i2))
1041 {
1042 equals = FALSE;
1043 }
1044 i1->destroy(i1);
1045 i2->destroy(i2);
1046 return equals;
1047 }
1048
1049 /**
1050 * Implementation of ike_sa_t.route.
1051 */
1052 static status_t route(private_ike_sa_t *this, connection_t *connection, policy_t *policy)
1053 {
1054 child_sa_t *child_sa = NULL;
1055 iterator_t *iterator;
1056 linked_list_t *my_ts, *other_ts;
1057 status_t status;
1058
1059 /* check if not already routed*/
1060 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1061 while (iterator->iterate(iterator, (void**)&child_sa))
1062 {
1063 linked_list_t *my_ts_conf, *other_ts_conf;
1064
1065 my_ts = child_sa->get_my_traffic_selectors(child_sa);
1066 other_ts = child_sa->get_other_traffic_selectors(child_sa);
1067
1068 my_ts_conf = policy->get_my_traffic_selectors(policy, this->my_host);
1069 other_ts_conf = policy->get_other_traffic_selectors(policy, this->other_host);
1070
1071 if (ts_list_equals(my_ts, my_ts_conf) &&
1072 ts_list_equals(other_ts, other_ts_conf))
1073 {
1074 ts_list_destroy(my_ts_conf);
1075 ts_list_destroy(other_ts_conf);
1076 iterator->destroy(iterator);
1077 this->logger->log(this->logger, CONTROL,
1078 "a CHILD_SA with such a policy already routed");
1079
1080 return FAILED;
1081 }
1082 ts_list_destroy(my_ts_conf);
1083 ts_list_destroy(other_ts_conf);
1084 }
1085 iterator->destroy(iterator);
1086
1087 switch (this->state)
1088 {
1089 case IKE_CREATED:
1090 case IKE_CONNECTING:
1091 /* we update IKE_SA information as good as possible,
1092 * this allows us to set up the SA later when an acquire comes in. */
1093 if (this->my_id->get_type(this->my_id) == ID_ANY)
1094 {
1095 this->my_id->destroy(this->my_id);
1096 this->my_id = policy->get_my_id(policy);
1097 this->my_id = this->my_id->clone(this->my_id);
1098 }
1099 if (this->other_id->get_type(this->other_id) == ID_ANY)
1100 {
1101 this->other_id->destroy(this->other_id);
1102 this->other_id = policy->get_other_id(policy);
1103 this->other_id = this->other_id->clone(this->other_id);
1104 }
1105 if (this->my_host->is_anyaddr(this->my_host))
1106 {
1107 this->my_host->destroy(this->my_host);
1108 this->my_host = connection->get_my_host(connection);
1109 this->my_host = this->my_host->clone(this->my_host);
1110 }
1111 if (this->other_host->is_anyaddr(this->other_host))
1112 {
1113 this->other_host->destroy(this->other_host);
1114 this->other_host = connection->get_other_host(connection);
1115 this->other_host = this->other_host->clone(this->other_host);
1116 }
1117 set_name(this, connection->get_name(connection));
1118 this->retrans_sequences = connection->get_retrans_seq(connection);
1119 this->dpd_delay = connection->get_dpd_delay(connection);
1120 break;
1121 case IKE_ESTABLISHED:
1122 case IKE_REKEYING:
1123 /* nothing to do. We allow it for rekeying, as it will be
1124 * adopted by the new IKE_SA */
1125 break;
1126 case IKE_DELETING:
1127 /* deny */
1128 return FAILED;
1129 }
1130
1131 child_sa = child_sa_create(0, this->my_host, this->other_host, 0, 0, FALSE);
1132 child_sa->set_name(child_sa, policy->get_name(policy));
1133 my_ts = policy->get_my_traffic_selectors(policy, this->my_host);
1134 other_ts = policy->get_other_traffic_selectors(policy, this->other_host);
1135 status = child_sa->add_policies(child_sa, my_ts, other_ts);
1136 ts_list_destroy(my_ts);
1137 ts_list_destroy(other_ts);
1138 this->child_sas->insert_last(this->child_sas, child_sa);
1139
1140 return status;
1141 }
1142
1143 /**
1144 * Implementation of ike_sa_t.unroute.
1145 */
1146 static status_t unroute(private_ike_sa_t *this, policy_t *policy)
1147 {
1148 iterator_t *iterator;
1149 child_sa_t *child_sa = NULL;
1150 linked_list_t *my_ts, *other_ts, *my_ts_conf, *other_ts_conf;
1151
1152 /* find CHILD_SA in ROUTED state */
1153 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1154 while (iterator->iterate(iterator, (void**)&child_sa))
1155 {
1156 if (child_sa->get_state(child_sa) == CHILD_ROUTED)
1157 {
1158 my_ts = child_sa->get_my_traffic_selectors(child_sa);
1159 other_ts = child_sa->get_other_traffic_selectors(child_sa);
1160
1161 my_ts_conf = policy->get_my_traffic_selectors(policy, this->my_host);
1162 other_ts_conf = policy->get_other_traffic_selectors(policy, this->other_host);
1163
1164 if (ts_list_equals(my_ts, my_ts_conf) &&
1165 ts_list_equals(other_ts, other_ts_conf))
1166 {
1167 iterator->remove(iterator);
1168 child_sa->destroy(child_sa);
1169 ts_list_destroy(my_ts_conf);
1170 ts_list_destroy(other_ts_conf);
1171 break;
1172 }
1173 ts_list_destroy(my_ts_conf);
1174 ts_list_destroy(other_ts_conf);
1175 }
1176 }
1177 iterator->destroy(iterator);
1178 /* if we are not established, and we have no more routed childs, remove whole SA */
1179 if (this->state == IKE_CREATED &&
1180 this->child_sas->get_count(this->child_sas) == 0)
1181 {
1182 return DESTROY_ME;
1183 }
1184 return SUCCESS;
1185 }
1186
1187 /**
1188 * Implementation of ike_sa_t.send_dpd
1189 */
1190 static status_t send_dpd(private_ike_sa_t *this)
1191 {
1192 send_dpd_job_t *job;
1193 time_t diff;
1194
1195 if (this->dpd_delay == 0)
1196 {
1197 /* DPD disabled */
1198 return SUCCESS;
1199 }
1200
1201 if (this->transaction_out)
1202 {
1203 /* there is a transaction in progress. Come back later */
1204 diff = 0;
1205 }
1206 else
1207 {
1208 /* check if there was any inbound traffic */
1209 time_t last_in, now;
1210 last_in = get_time_inbound(this);
1211 now = time(NULL);
1212 diff = now - last_in;
1213 if (diff >= this->dpd_delay)
1214 {
1215 /* to long ago, initiate dead peer detection */
1216 dead_peer_detection_t *dpd;
1217 this->logger->log(this->logger, CONTROL, "sending DPD request");
1218 dpd = dead_peer_detection_create(&this->public);
1219 queue_transaction(this, (transaction_t*)dpd, FALSE);
1220 diff = 0;
1221 }
1222 }
1223 /* recheck in "interval" seconds */
1224 job = send_dpd_job_create(this->ike_sa_id);
1225 charon->event_queue->add_relative(charon->event_queue, (job_t*)job,
1226 (this->dpd_delay - diff) * 1000);
1227 return SUCCESS;
1228 }
1229
1230 /**
1231 * Implementation of ike_sa_t.send_keepalive
1232 */
1233 static void send_keepalive(private_ike_sa_t *this)
1234 {
1235 send_keepalive_job_t *job;
1236 time_t last_out, now, diff, interval;
1237
1238 last_out = get_time_outbound(this);
1239 now = time(NULL);
1240
1241 diff = now - last_out;
1242 interval = charon->configuration->get_keepalive_interval(charon->configuration);
1243
1244 if (diff >= interval)
1245 {
1246 packet_t *packet;
1247 chunk_t data;
1248
1249 packet = packet_create();
1250 packet->set_source(packet, this->my_host->clone(this->my_host));
1251 packet->set_destination(packet, this->other_host->clone(this->other_host));
1252 data.ptr = malloc(1);
1253 data.ptr[0] = 0xFF;
1254 data.len = 1;
1255 packet->set_data(packet, data);
1256 charon->send_queue->add(charon->send_queue, packet);
1257 this->logger->log(this->logger, CONTROL, "sending keep alive");
1258 diff = 0;
1259 }
1260 job = send_keepalive_job_create(this->ike_sa_id);
1261 charon->event_queue->add_relative(charon->event_queue, (job_t*)job,
1262 (interval - diff) * 1000);
1263 }
1264
1265 /**
1266 * Implementation of ike_sa_t.get_state.
1267 */
1268 static ike_sa_state_t get_state(private_ike_sa_t *this)
1269 {
1270 return this->state;
1271 }
1272
1273 /**
1274 * Implementation of ike_sa_t.set_state.
1275 */
1276 static void set_state(private_ike_sa_t *this, ike_sa_state_t state)
1277 {
1278 this->logger->log(this->logger, CONTROL, "state change: %s => %s",
1279 mapping_find(ike_sa_state_m, this->state),
1280 mapping_find(ike_sa_state_m, state));
1281 if (state == IKE_ESTABLISHED)
1282 {
1283 this->time.established = time(NULL);
1284 this->logger->log(this->logger, AUDIT, "IKE_SA established: %s[%s]...%s[%s]",
1285 this->my_host->get_string(this->my_host),
1286 this->my_id->get_string(this->my_id),
1287 this->other_host->get_string(this->other_host),
1288 this->other_id->get_string(this->other_id));
1289 /* start DPD checks */
1290 send_dpd(this);
1291 }
1292 this->state = state;
1293 }
1294
1295 /**
1296 * Implementation of ike_sa_t.get_prf.
1297 */
1298 static prf_t *get_prf(private_ike_sa_t *this)
1299 {
1300 return this->prf;
1301 }
1302
1303 /**
1304 * Implementation of ike_sa_t.get_prf.
1305 */
1306 static prf_t *get_child_prf(private_ike_sa_t *this)
1307 {
1308 return this->child_prf;
1309 }
1310
1311 /**
1312 * Implementation of ike_sa_t.get_prf_auth_i.
1313 */
1314 static prf_t *get_prf_auth_i(private_ike_sa_t *this)
1315 {
1316 return this->prf_auth_i;
1317 }
1318
1319 /**
1320 * Implementation of ike_sa_t.get_prf_auth_r.
1321 */
1322 static prf_t *get_prf_auth_r(private_ike_sa_t *this)
1323 {
1324 return this->prf_auth_r;
1325 }
1326
1327 /**
1328 * Implementation of ike_sa_t.get_id.
1329 */
1330 static ike_sa_id_t* get_id(private_ike_sa_t *this)
1331 {
1332 return this->ike_sa_id;
1333 }
1334
1335 /**
1336 * Implementation of ike_sa_t.get_my_id.
1337 */
1338 static identification_t* get_my_id(private_ike_sa_t *this)
1339 {
1340 return this->my_id;
1341 }
1342
1343 /**
1344 * Implementation of ike_sa_t.set_my_id.
1345 */
1346 static void set_my_id(private_ike_sa_t *this, identification_t *me)
1347 {
1348 DESTROY_IF(this->my_id);
1349 this->my_id = me;
1350 }
1351
1352 /**
1353 * Implementation of ike_sa_t.get_other_id.
1354 */
1355 static identification_t* get_other_id(private_ike_sa_t *this)
1356 {
1357 return this->other_id;
1358 }
1359
1360 /**
1361 * Implementation of ike_sa_t.set_other_id.
1362 */
1363 static void set_other_id(private_ike_sa_t *this, identification_t *other)
1364 {
1365 DESTROY_IF(this->other_id);
1366 this->other_id = other;
1367 }
1368
1369 /**
1370 * Implementation of ike_sa_t.derive_keys.
1371 */
1372 static status_t derive_keys(private_ike_sa_t *this,
1373 proposal_t *proposal, diffie_hellman_t *dh,
1374 chunk_t nonce_i, chunk_t nonce_r,
1375 bool initiator, prf_t *child_prf, prf_t *old_prf)
1376 {
1377 prf_plus_t *prf_plus;
1378 chunk_t skeyseed, secret, key, nonces, prf_plus_seed;
1379 algorithm_t *algo;
1380 size_t key_size;
1381 crypter_t *crypter_i, *crypter_r;
1382 signer_t *signer_i, *signer_r;
1383 u_int8_t spi_i_buf[sizeof(u_int64_t)], spi_r_buf[sizeof(u_int64_t)];
1384 chunk_t spi_i = chunk_from_buf(spi_i_buf);
1385 chunk_t spi_r = chunk_from_buf(spi_r_buf);
1386
1387 /* Create SAs general purpose PRF first, we may use it here */
1388 if (!proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo))
1389 {
1390 this->logger->log(this->logger, ERROR, "no PSEUDO_RANDOM_FUNCTION selected!");
1391 return FAILED;
1392 }
1393 this->prf = prf_create(algo->algorithm);
1394 if (this->prf == NULL)
1395 {
1396 this->logger->log(this->logger, ERROR, "PSEUDO_RANDOM_FUNCTION %s not supported!",
1397 mapping_find(pseudo_random_function_m, algo->algorithm));
1398 return FAILED;
1399 }
1400
1401 dh->get_shared_secret(dh, &secret);
1402 this->logger->log_chunk(this->logger, PRIVATE, "shared Diffie Hellman secret", secret);
1403 nonces = chunk_cat("cc", nonce_i, nonce_r);
1404 *((u_int64_t*)spi_i.ptr) = this->ike_sa_id->get_initiator_spi(this->ike_sa_id);
1405 *((u_int64_t*)spi_r.ptr) = this->ike_sa_id->get_responder_spi(this->ike_sa_id);
1406 prf_plus_seed = chunk_cat("ccc", nonces, spi_i, spi_r);
1407
1408 /* KEYMAT = prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr)
1409 *
1410 * if we are rekeying, SKEYSEED built on another way
1411 */
1412 if (child_prf == NULL) /* not rekeying */
1413 {
1414 /* SKEYSEED = prf(Ni | Nr, g^ir) */
1415 this->prf->set_key(this->prf, nonces);
1416 this->prf->allocate_bytes(this->prf, secret, &skeyseed);
1417 this->logger->log_chunk(this->logger, PRIVATE|LEVEL1, "SKEYSEED", skeyseed);
1418 this->prf->set_key(this->prf, skeyseed);
1419 chunk_free(&skeyseed);
1420 chunk_free(&secret);
1421 prf_plus = prf_plus_create(this->prf, prf_plus_seed);
1422 }
1423 else
1424 {
1425 /* SKEYSEED = prf(SK_d (old), [g^ir (new)] | Ni | Nr)
1426 * use OLD SAs PRF functions for both prf_plus and prf */
1427 secret = chunk_cat("mc", secret, nonces);
1428 child_prf->allocate_bytes(child_prf, secret, &skeyseed);
1429 this->logger->log_chunk(this->logger, PRIVATE|LEVEL1, "SKEYSEED", skeyseed);
1430 old_prf->set_key(old_prf, skeyseed);
1431 chunk_free(&skeyseed);
1432 chunk_free(&secret);
1433 prf_plus = prf_plus_create(old_prf, prf_plus_seed);
1434 }
1435 chunk_free(&nonces);
1436 chunk_free(&prf_plus_seed);
1437
1438 /* KEYMAT = SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr */
1439
1440 /* SK_d is used for generating CHILD_SA key mat => child_prf */
1441 proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo);
1442 this->child_prf = prf_create(algo->algorithm);
1443 key_size = this->child_prf->get_key_size(this->child_prf);
1444 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1445 this->logger->log_chunk(this->logger, PRIVATE, "Sk_d secret", key);
1446 this->child_prf->set_key(this->child_prf, key);
1447 chunk_free(&key);
1448
1449 /* SK_ai/SK_ar used for integrity protection => signer_in/signer_out */
1450 if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &algo))
1451 {
1452 this->logger->log(this->logger, ERROR, "no INTEGRITY_ALGORITHM selected?!");
1453 return FAILED;
1454 }
1455 signer_i = signer_create(algo->algorithm);
1456 signer_r = signer_create(algo->algorithm);
1457 if (signer_i == NULL || signer_r == NULL)
1458 {
1459 this->logger->log(this->logger, ERROR, "INTEGRITY_ALGORITHM %s not supported!",
1460 mapping_find(integrity_algorithm_m,algo->algorithm));
1461 return FAILED;
1462 }
1463 key_size = signer_i->get_key_size(signer_i);
1464
1465 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1466 this->logger->log_chunk(this->logger, PRIVATE, "Sk_ai secret", key);
1467 signer_i->set_key(signer_i, key);
1468 chunk_free(&key);
1469
1470 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1471 this->logger->log_chunk(this->logger, PRIVATE, "Sk_ar secret", key);
1472 signer_r->set_key(signer_r, key);
1473 chunk_free(&key);
1474
1475 if (initiator)
1476 {
1477 this->signer_in = signer_r;
1478 this->signer_out = signer_i;
1479 }
1480 else
1481 {
1482 this->signer_in = signer_i;
1483 this->signer_out = signer_r;
1484 }
1485
1486 /* SK_ei/SK_er used for encryption => crypter_in/crypter_out */
1487 if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &algo))
1488 {
1489 this->logger->log(this->logger, ERROR, "no ENCRYPTION_ALGORITHM selected!");
1490 return FAILED;
1491 }
1492 crypter_i = crypter_create(algo->algorithm, algo->key_size / 8);
1493 crypter_r = crypter_create(algo->algorithm, algo->key_size / 8);
1494 if (crypter_i == NULL || crypter_r == NULL)
1495 {
1496 this->logger->log(this->logger, ERROR,
1497 "ENCRYPTION_ALGORITHM %s (key size %d) not supported!",
1498 mapping_find(encryption_algorithm_m, algo->algorithm),
1499 algo->key_size);
1500 return FAILED;
1501 }
1502 key_size = crypter_i->get_key_size(crypter_i);
1503
1504 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1505 this->logger->log_chunk(this->logger, PRIVATE, "Sk_ei secret", key);
1506 crypter_i->set_key(crypter_i, key);
1507 chunk_free(&key);
1508
1509 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1510 this->logger->log_chunk(this->logger, PRIVATE, "Sk_er secret", key);
1511 crypter_r->set_key(crypter_r, key);
1512 chunk_free(&key);
1513
1514 if (initiator)
1515 {
1516 this->crypter_in = crypter_r;
1517 this->crypter_out = crypter_i;
1518 }
1519 else
1520 {
1521 this->crypter_in = crypter_i;
1522 this->crypter_out = crypter_r;
1523 }
1524
1525 /* SK_pi/SK_pr used for authentication => prf_auth_i, prf_auth_r */
1526 proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo);
1527 this->prf_auth_i = prf_create(algo->algorithm);
1528 this->prf_auth_r = prf_create(algo->algorithm);
1529
1530 key_size = this->prf_auth_i->get_key_size(this->prf_auth_i);
1531 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1532 this->logger->log_chunk(this->logger, PRIVATE, "Sk_pi secret", key);
1533 this->prf_auth_i->set_key(this->prf_auth_i, key);
1534 chunk_free(&key);
1535
1536 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1537 this->logger->log_chunk(this->logger, PRIVATE, "Sk_pr secret", key);
1538 this->prf_auth_r->set_key(this->prf_auth_r, key);
1539 chunk_free(&key);
1540
1541 /* all done, prf_plus not needed anymore */
1542 prf_plus->destroy(prf_plus);
1543
1544 return SUCCESS;
1545
1546 }
1547
1548 /**
1549 * Implementation of ike_sa_t.add_child_sa.
1550 */
1551 static void add_child_sa(private_ike_sa_t *this, child_sa_t *child_sa)
1552 {
1553 this->child_sas->insert_last(this->child_sas, child_sa);
1554 }
1555
1556 /**
1557 * Implementation of ike_sa_t.has_child_sa.
1558 */
1559 static bool has_child_sa(private_ike_sa_t *this, u_int32_t reqid)
1560 {
1561 iterator_t *iterator;
1562 child_sa_t *current;
1563 bool found = FALSE;
1564
1565 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1566 while (iterator->iterate(iterator, (void**)&current))
1567 {
1568 if (current->get_reqid(current) == reqid)
1569 {
1570 found = TRUE;
1571 break;
1572 }
1573 }
1574 iterator->destroy(iterator);
1575 return found;
1576 }
1577
1578 /**
1579 * Implementation of ike_sa_t.get_child_sa.
1580 */
1581 static child_sa_t* get_child_sa(private_ike_sa_t *this, protocol_id_t protocol,
1582 u_int32_t spi, bool inbound)
1583 {
1584 iterator_t *iterator;
1585 child_sa_t *current, *found = NULL;
1586
1587 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1588 while (iterator->has_next(iterator))
1589 {
1590 iterator->current(iterator, (void**)&current);
1591 if (current->get_spi(current, inbound) == spi &&
1592 current->get_protocol(current) == protocol)
1593 {
1594 found = current;
1595 }
1596 }
1597 iterator->destroy(iterator);
1598 return found;
1599 }
1600
1601 /**
1602 * Implementation of ike_sa_t.create_child_sa_iterator.
1603 */
1604 static iterator_t* create_child_sa_iterator(private_ike_sa_t *this)
1605 {
1606 return this->child_sas->create_iterator(this->child_sas, TRUE);
1607 }
1608
1609 /**
1610 * Implementation of ike_sa_t.rekey_child_sa.
1611 */
1612 static status_t rekey_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
1613 {
1614 create_child_sa_t *rekey;
1615 child_sa_t *child_sa;
1616
1617 child_sa = get_child_sa(this, protocol, spi, TRUE);
1618 if (child_sa == NULL)
1619 {
1620 return NOT_FOUND;
1621 }
1622
1623 rekey = create_child_sa_create(&this->public);
1624 rekey->rekeys_child(rekey, child_sa);
1625 return queue_transaction(this, (transaction_t*)rekey, FALSE);
1626 }
1627
1628 /**
1629 * Implementation of ike_sa_t.delete_child_sa.
1630 */
1631 static status_t delete_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
1632 {
1633 delete_child_sa_t *del;
1634 child_sa_t *child_sa;
1635
1636 child_sa = get_child_sa(this, protocol, spi, TRUE);
1637 if (child_sa == NULL)
1638 {
1639 return NOT_FOUND;
1640 }
1641
1642 del = delete_child_sa_create(&this->public);
1643 del->set_child_sa(del, child_sa);
1644 return queue_transaction(this, (transaction_t*)del, FALSE);
1645 }
1646
1647 /**
1648 * Implementation of ike_sa_t.destroy_child_sa.
1649 */
1650 static status_t destroy_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
1651 {
1652 iterator_t *iterator;
1653 child_sa_t *child_sa;
1654 status_t status = NOT_FOUND;
1655
1656 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1657 while (iterator->iterate(iterator, (void**)&child_sa))
1658 {
1659 if (child_sa->get_protocol(child_sa) == protocol &&
1660 child_sa->get_spi(child_sa, TRUE) == spi)
1661 {
1662 child_sa->destroy(child_sa);
1663 iterator->remove(iterator);
1664 status = SUCCESS;
1665 break;
1666 }
1667 }
1668 iterator->destroy(iterator);
1669 return status;
1670 }
1671
1672 /**
1673 * Implementation of ike_sa_t.set_lifetimes.
1674 */
1675 static void set_lifetimes(private_ike_sa_t *this,
1676 u_int32_t soft_lifetime, u_int32_t hard_lifetime)
1677 {
1678 job_t *job;
1679
1680 if (soft_lifetime)
1681 {
1682 this->time.rekey = this->time.established + soft_lifetime;
1683 job = (job_t*)rekey_ike_sa_job_create(this->ike_sa_id);
1684 charon->event_queue->add_relative(charon->event_queue, job,
1685 soft_lifetime * 1000);
1686 }
1687
1688 if (hard_lifetime)
1689 {
1690 this->time.delete = this->time.established + hard_lifetime;
1691 job = (job_t*)delete_ike_sa_job_create(this->ike_sa_id, TRUE);
1692 charon->event_queue->add_relative(charon->event_queue, job,
1693 hard_lifetime * 1000);
1694 }
1695 }
1696
1697 /**
1698 * Implementation of ike_sa_t.rekey.
1699 */
1700 static status_t rekey(private_ike_sa_t *this)
1701 {
1702 rekey_ike_sa_t *rekey_ike_sa;
1703
1704 this->logger->log(this->logger, CONTROL,
1705 "rekeying IKE_SA between %s[%s]..%s[%s]",
1706 this->my_host->get_string(this->my_host),
1707 this->my_id->get_string(this->my_id),
1708 this->other_host->get_string(this->other_host),
1709 this->other_id->get_string(this->other_id));
1710
1711 if (this->state != IKE_ESTABLISHED)
1712 {
1713 this->logger->log(this->logger, ERROR,
1714 "unable to rekey IKE_SA in state %s",
1715 mapping_find(ike_sa_state_m, this->state));
1716 return FAILED;
1717 }
1718
1719 rekey_ike_sa = rekey_ike_sa_create(&this->public);
1720 return queue_transaction(this, (transaction_t*)rekey_ike_sa, FALSE);
1721 }
1722
1723 /**
1724 * Implementation of ike_sa_t.get_rekeying_transaction.
1725 */
1726 static rekey_ike_sa_t* get_rekeying_transaction(private_ike_sa_t *this)
1727 {
1728 return this->rekeying_transaction;
1729 }
1730
1731 /**
1732 * Implementation of ike_sa_t.set_rekeying_transaction.
1733 */
1734 static void set_rekeying_transaction(private_ike_sa_t *this, rekey_ike_sa_t *rekey)
1735 {
1736 this->rekeying_transaction = rekey;
1737 }
1738
1739 /**
1740 * Implementation of ike_sa_t.adopt_children.
1741 */
1742 static void adopt_children(private_ike_sa_t *this, private_ike_sa_t *other)
1743 {
1744 child_sa_t *child_sa;
1745
1746 while (other->child_sas->remove_last(other->child_sas,
1747 (void**)&child_sa) == SUCCESS)
1748 {
1749 this->child_sas->insert_first(this->child_sas, (void*)child_sa);
1750 }
1751 }
1752
1753 /**
1754 * Implementation of ike_sa_t.log_status.
1755 */
1756 static void log_status(private_ike_sa_t *this, logger_t *logger, char *name)
1757 {
1758 iterator_t *iterator;
1759 child_sa_t *child_sa;
1760 bool contains_child = FALSE;
1761
1762 /* check for a CHILD_SA with specified name. We then print the IKE_SA,
1763 * even it has another name */
1764 if (name != NULL)
1765 {
1766 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1767 while (iterator->iterate(iterator, (void**)&child_sa))
1768 {
1769 if (streq(name, child_sa->get_name(child_sa)))
1770 {
1771 contains_child = TRUE;
1772 break;
1773 }
1774 }
1775 iterator->destroy(iterator);
1776 }
1777
1778 if (name == NULL || contains_child || streq(name, this->name))
1779 {
1780 if (logger == NULL)
1781 {
1782 logger = this->logger;
1783 }
1784 logger->log(logger, CONTROL|LEVEL1,
1785 " \"%s\": IKE_SA in state %s, SPIs: 0x%.16llx 0x%.16llx",
1786 this->name,
1787 mapping_find(ike_sa_state_m, this->state),
1788 this->ike_sa_id->get_initiator_spi(this->ike_sa_id),
1789 this->ike_sa_id->get_responder_spi(this->ike_sa_id));
1790 logger->log(logger, CONTROL, " \"%s\": %s[%s]...%s[%s]",
1791 this->name,
1792 this->my_host->get_string(this->my_host),
1793 this->my_id->get_string(this->my_id),
1794 this->other_host->get_string(this->other_host),
1795 this->other_id->get_string(this->other_id));
1796
1797 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1798 while (iterator->has_next(iterator))
1799 {
1800 iterator->current(iterator, (void**)&child_sa);
1801 child_sa->log_status(child_sa, logger);
1802 }
1803 iterator->destroy(iterator);
1804 }
1805 }
1806
1807 /**
1808 * Implementation of public_ike_sa_t.delete.
1809 */
1810 static status_t delete_(private_ike_sa_t *this)
1811 {
1812 switch (this->state)
1813 {
1814 case IKE_CONNECTING:
1815 case IKE_ESTABLISHED:
1816 {
1817 delete_ike_sa_t *delete_ike_sa;
1818 if (this->transaction_out)
1819 {
1820 /* already a transaction in progress. As this may hang
1821 * around a while, we don't inform the other peer. */
1822 return DESTROY_ME;
1823 }
1824 delete_ike_sa = delete_ike_sa_create(&this->public);
1825 return queue_transaction(this, (transaction_t*)delete_ike_sa, FALSE);
1826 }
1827 case IKE_CREATED:
1828 case IKE_DELETING:
1829 default:
1830 {
1831 return DESTROY_ME;
1832 }
1833 }
1834 }
1835
1836 /**
1837 * Implementation of ike_sa_t.get_next_message_id.
1838 */
1839 static u_int32_t get_next_message_id (private_ike_sa_t *this)
1840 {
1841 return this->message_id_out++;
1842 }
1843
1844 /**
1845 * Implementation of ike_sa_t.is_natt_enabled.
1846 */
1847 static bool is_natt_enabled (private_ike_sa_t *this)
1848 {
1849 return this->nat_here || this->nat_there;
1850 }
1851
1852 /**
1853 * Implementation of ike_sa_t.enable_natt.
1854 */
1855 static void enable_natt (private_ike_sa_t *this, bool local)
1856 {
1857 if (local)
1858 {
1859 this->logger->log(this->logger, CONTROL,
1860 "local host is behind NAT, using NAT-T, scheduled keep alives");
1861 this->nat_here = TRUE;
1862 send_keepalive(this);
1863 }
1864 else
1865 {
1866 this->logger->log(this->logger, CONTROL,
1867 "remote host is behind NAT, using NAT-T");
1868 this->nat_there = TRUE;
1869 }
1870 }
1871
1872 /**
1873 * Implementation of ike_sa_t.destroy.
1874 */
1875 static void destroy(private_ike_sa_t *this)
1876 {
1877 child_sa_t *child_sa;
1878 transaction_t *transaction;
1879
1880 this->logger->log(this->logger, CONTROL|LEVEL2, "going to destroy IKE SA %llu:%llu, role %s",
1881 this->ike_sa_id->get_initiator_spi(this->ike_sa_id),
1882 this->ike_sa_id->get_responder_spi(this->ike_sa_id),
1883 this->ike_sa_id->is_initiator(this->ike_sa_id) ? "initiator" : "responder");
1884
1885 if (this->state == IKE_ESTABLISHED)
1886 {
1887 this->logger->log(this->logger, ERROR,
1888 "destroying an established IKE SA without knowledge from remote peer!");
1889 }
1890
1891 while (this->child_sas->remove_last(this->child_sas, (void**)&child_sa) == SUCCESS)
1892 {
1893 child_sa->destroy(child_sa);
1894 }
1895 this->child_sas->destroy(this->child_sas);
1896
1897 while (this->transaction_queue->remove_last(this->transaction_queue, (void**)&transaction) == SUCCESS)
1898 {
1899 transaction->destroy(transaction);
1900 }
1901 this->transaction_queue->destroy(this->transaction_queue);
1902
1903 DESTROY_IF(this->transaction_in);
1904 DESTROY_IF(this->transaction_in_next);
1905 DESTROY_IF(this->transaction_out);
1906 DESTROY_IF(this->crypter_in);
1907 DESTROY_IF(this->crypter_out);
1908 DESTROY_IF(this->signer_in);
1909 DESTROY_IF(this->signer_out);
1910 DESTROY_IF(this->prf);
1911 DESTROY_IF(this->child_prf);
1912 DESTROY_IF(this->prf_auth_i);
1913 DESTROY_IF(this->prf_auth_r);
1914
1915 this->logger->log(this->logger, AUDIT,
1916 "IKE_SA deleted between %s[%s]...%s[%s]",
1917 this->my_host->get_string(this->my_host),
1918 this->my_id->get_string(this->my_id),
1919 this->other_host->get_string(this->other_host),
1920 this->other_id->get_string(this->other_id));
1921
1922 DESTROY_IF(this->my_host);
1923 DESTROY_IF(this->other_host);
1924 DESTROY_IF(this->my_id);
1925 DESTROY_IF(this->other_id);
1926
1927 free(this->name);
1928 this->ike_sa_id->destroy(this->ike_sa_id);
1929 free(this);
1930 }
1931
1932 /*
1933 * Described in header.
1934 */
1935 ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
1936 {
1937 private_ike_sa_t *this = malloc_thing(private_ike_sa_t);
1938
1939 /* Public functions */
1940 this->public.get_state = (ike_sa_state_t(*)(ike_sa_t*)) get_state;
1941 this->public.set_state = (void(*)(ike_sa_t*,ike_sa_state_t)) set_state;
1942 this->public.get_name = (char*(*)(ike_sa_t*))get_name;
1943 this->public.set_name = (void(*)(ike_sa_t*,char*))set_name;
1944 this->public.process_message = (status_t(*)(ike_sa_t*, message_t*)) process_message;
1945 this->public.initiate = (status_t(*)(ike_sa_t*,connection_t*,policy_t*)) initiate;
1946 this->public.route = (status_t(*)(ike_sa_t*,connection_t*,policy_t*)) route;
1947 this->public.unroute = (status_t(*)(ike_sa_t*,policy_t*)) unroute;
1948 this->public.acquire = (status_t(*)(ike_sa_t*,u_int32_t)) acquire;
1949 this->public.get_id = (ike_sa_id_t*(*)(ike_sa_t*)) get_id;
1950 this->public.get_my_host = (host_t*(*)(ike_sa_t*)) get_my_host;
1951 this->public.set_my_host = (void(*)(ike_sa_t*,host_t*)) set_my_host;
1952 this->public.get_other_host = (host_t*(*)(ike_sa_t*)) get_other_host;
1953 this->public.set_other_host = (void(*)(ike_sa_t*,host_t*)) set_other_host;
1954 this->public.get_my_id = (identification_t*(*)(ike_sa_t*)) get_my_id;
1955 this->public.set_my_id = (void(*)(ike_sa_t*,identification_t*)) set_my_id;
1956 this->public.get_other_id = (identification_t*(*)(ike_sa_t*)) get_other_id;
1957 this->public.set_other_id = (void(*)(ike_sa_t*,identification_t*)) set_other_id;
1958 this->public.get_next_message_id = (u_int32_t(*)(ike_sa_t*)) get_next_message_id;
1959 this->public.retransmit_request = (status_t (*) (ike_sa_t *, u_int32_t)) retransmit_request;
1960 this->public.log_status = (void (*) (ike_sa_t*,logger_t*,char*))log_status;
1961 this->public.delete = (status_t(*)(ike_sa_t*))delete_;
1962 this->public.destroy = (void(*)(ike_sa_t*))destroy;
1963 this->public.send_dpd = (status_t (*)(ike_sa_t*)) send_dpd;
1964 this->public.send_keepalive = (void (*)(ike_sa_t*)) send_keepalive;
1965 this->public.get_prf = (prf_t *(*) (ike_sa_t *)) get_prf;
1966 this->public.get_child_prf = (prf_t *(*) (ike_sa_t *)) get_child_prf;
1967 this->public.get_prf_auth_i = (prf_t *(*) (ike_sa_t *)) get_prf_auth_i;
1968 this->public.get_prf_auth_r = (prf_t *(*) (ike_sa_t *)) get_prf_auth_r;
1969 this->public.derive_keys = (status_t (*) (ike_sa_t *,proposal_t*,diffie_hellman_t*,chunk_t,chunk_t,bool,prf_t*,prf_t*)) derive_keys;
1970 this->public.add_child_sa = (void (*) (ike_sa_t*,child_sa_t*)) add_child_sa;
1971 this->public.has_child_sa = (bool(*)(ike_sa_t*,u_int32_t)) has_child_sa;
1972 this->public.get_child_sa = (child_sa_t* (*)(ike_sa_t*,protocol_id_t,u_int32_t,bool)) get_child_sa;
1973 this->public.create_child_sa_iterator = (iterator_t* (*)(ike_sa_t*)) create_child_sa_iterator;
1974 this->public.rekey_child_sa = (status_t(*)(ike_sa_t*,protocol_id_t,u_int32_t)) rekey_child_sa;
1975 this->public.delete_child_sa = (status_t(*)(ike_sa_t*,protocol_id_t,u_int32_t)) delete_child_sa;
1976 this->public.destroy_child_sa = (status_t (*)(ike_sa_t*,protocol_id_t,u_int32_t))destroy_child_sa;
1977 this->public.enable_natt = (void(*)(ike_sa_t*, bool)) enable_natt;
1978 this->public.is_natt_enabled = (bool(*)(ike_sa_t*)) is_natt_enabled;
1979 this->public.set_lifetimes = (void(*)(ike_sa_t*,u_int32_t,u_int32_t))set_lifetimes;
1980 this->public.rekey = (status_t(*)(ike_sa_t*))rekey;
1981 this->public.get_rekeying_transaction = (void*(*)(ike_sa_t*))get_rekeying_transaction;
1982 this->public.set_rekeying_transaction = (void(*)(ike_sa_t*,void*))set_rekeying_transaction;
1983 this->public.adopt_children = (void(*)(ike_sa_t*,ike_sa_t*))adopt_children;
1984
1985 /* initialize private fields */
1986 this->logger = logger_manager->get_logger(logger_manager, IKE_SA);
1987 this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
1988 this->name = strdup("(uninitialized)");
1989 this->child_sas = linked_list_create();
1990 this->my_host = host_create_from_string("0.0.0.0", 0);
1991 this->other_host = host_create_from_string("0.0.0.0", 0);
1992 this->my_id = identification_create_from_encoding(ID_ANY, CHUNK_INITIALIZER);
1993 this->other_id = identification_create_from_encoding(ID_ANY, CHUNK_INITIALIZER);
1994 this->crypter_in = NULL;
1995 this->crypter_out = NULL;
1996 this->signer_in = NULL;
1997 this->signer_out = NULL;
1998 this->prf = NULL;
1999 this->prf_auth_i = NULL;
2000 this->prf_auth_r = NULL;
2001 this->child_prf = NULL;
2002 this->nat_here = FALSE;
2003 this->nat_there = FALSE;
2004 this->transaction_queue = linked_list_create();
2005 this->transaction_in = NULL;
2006 this->transaction_in_next = NULL;
2007 this->transaction_out = NULL;
2008 this->rekeying_transaction = NULL;
2009 this->state = IKE_CREATED;
2010 this->message_id_out = 0;
2011 /* set to NOW, as when we rekey an existing IKE_SA no message is exchanged */
2012 this->time.inbound = this->time.outbound = time(NULL);
2013 this->time.established = 0;
2014 this->time.rekey = 0;
2015 this->time.delete = 0;
2016 this->dpd_delay = 0;
2017 this->retrans_sequences = 0;
2018
2019 return &this->public;
2020 }