projects / strongswan.git / blob
? search:


7c77411bcbbdb489d43a7aa644a71eccf6a43ea1
[strongswan.git] / src / charon / sa / ike_sa.c
1 /**
2 * @file ike_sa.c
3 *
4 * @brief Implementation of ike_sa_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
10 * Copyright (C) 2005-2006 Martin Willi
11 * Copyright (C) 2005 Jan Hutter
12 * Hochschule fuer Technik Rapperswil
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 */
24
25 #include <sys/time.h>
26 #include <string.h>
27 #include <printf.h>
28
29 #include "ike_sa.h"
30
31 #include <types.h>
32 #include <daemon.h>
33 #include <definitions.h>
34 #include <utils/linked_list.h>
35 #include <crypto/diffie_hellman.h>
36 #include <crypto/prf_plus.h>
37 #include <crypto/crypters/crypter.h>
38 #include <crypto/hashers/hasher.h>
39 #include <encoding/payloads/sa_payload.h>
40 #include <encoding/payloads/nonce_payload.h>
41 #include <encoding/payloads/ke_payload.h>
42 #include <encoding/payloads/delete_payload.h>
43 #include <encoding/payloads/transform_substructure.h>
44 #include <encoding/payloads/transform_attribute.h>
45 #include <encoding/payloads/ts_payload.h>
46 #include <sa/transactions/transaction.h>
47 #include <sa/transactions/ike_sa_init.h>
48 #include <sa/transactions/delete_ike_sa.h>
49 #include <sa/transactions/create_child_sa.h>
50 #include <sa/transactions/delete_child_sa.h>
51 #include <sa/transactions/dead_peer_detection.h>
52 #include <sa/transactions/rekey_ike_sa.h>
53 #include <queues/jobs/retransmit_request_job.h>
54 #include <queues/jobs/delete_ike_sa_job.h>
55 #include <queues/jobs/send_dpd_job.h>
56 #include <queues/jobs/send_keepalive_job.h>
57 #include <queues/jobs/rekey_ike_sa_job.h>
58 #include <queues/jobs/route_job.h>
59 #include <queues/jobs/initiate_job.h>
60
61 ENUM(ike_sa_state_names, IKE_CREATED, IKE_DELETING,
62 "CREATED",
63 "CONNECTING",
64 "ESTABLISHED",
65 "REKEYING",
66 "DELETING",
67 );
68
69 typedef struct private_ike_sa_t private_ike_sa_t;
70
71 /**
72 * Private data of an ike_sa_t object.
73 */
74 struct private_ike_sa_t {
75
76 /**
77 * Public members
78 */
79 ike_sa_t public;
80
81 /**
82 * Identifier for the current IKE_SA.
83 */
84 ike_sa_id_t *ike_sa_id;
85
86 /**
87 * Current state of the IKE_SA
88 */
89 ike_sa_state_t state;
90
91 /**
92 * Name of the connection used by this IKE_SA
93 */
94 char *name;
95
96 /**
97 * Address of local host
98 */
99 host_t *my_host;
100
101 /**
102 * Address of remote host
103 */
104 host_t *other_host;
105
106 /**
107 * Identification used for us
108 */
109 identification_t *my_id;
110
111 /**
112 * Identification used for other
113 */
114 identification_t *other_id;
115
116 /**
117 * Linked List containing the child sa's of the current IKE_SA.
118 */
119 linked_list_t *child_sas;
120
121 /**
122 * crypter for inbound traffic
123 */
124 crypter_t *crypter_in;
125
126 /**
127 * crypter for outbound traffic
128 */
129 crypter_t *crypter_out;
130
131 /**
132 * Signer for inbound traffic
133 */
134 signer_t *signer_in;
135
136 /**
137 * Signer for outbound traffic
138 */
139 signer_t *signer_out;
140
141 /**
142 * Multi purpose prf, set key, use it, forget it
143 */
144 prf_t *prf;
145
146 /**
147 * Prf function for derivating keymat child SAs
148 */
149 prf_t *child_prf;
150
151 /**
152 * PRF, with key set to pi_key, used for authentication
153 */
154 prf_t *prf_auth_i;
155
156 /**
157 * PRF, with key set to pr_key, used for authentication
158 */
159 prf_t *prf_auth_r;
160
161 /**
162 * NAT hasher.
163 */
164 hasher_t *nat_hasher;
165
166 /**
167 * NAT status of local host.
168 */
169 bool nat_here;
170
171 /**
172 * NAT status of remote host.
173 */
174 bool nat_there;
175
176 /**
177 * message ID for next outgoung request
178 */
179 u_int32_t message_id_out;
180
181 /**
182 * Timestamps for this IKE_SA
183 */
184 struct {
185 /** last IKE message received */
186 u_int32_t inbound;
187 /** last IKE message sent */
188 u_int32_t outbound;
189 /** when IKE_SA became established */
190 u_int32_t established;
191 /** when IKE_SA gets rekeyed */
192 u_int32_t rekey;
193 /** when IKE_SA gets deleted */
194 u_int32_t delete;
195 } time;
196
197 /**
198 * interval to send DPD liveness check
199 */
200 time_t dpd_delay;
201
202 /**
203 * number of retransmit sequences to go through before giving up (keyingtries)
204 */
205 u_int32_t retrans_sequences;
206
207 /**
208 * List of queued transactions to process
209 */
210 linked_list_t *transaction_queue;
211
212 /**
213 * Transaction currently initiated
214 * (only one supported yet, window size = 1)
215 */
216 transaction_t *transaction_out;
217
218 /**
219 * last transaction initiated by peer processed.
220 * (only one supported yet, window size = 1)
221 * Stored for retransmission.
222 */
223 transaction_t *transaction_in;
224
225 /**
226 * Next incoming transaction expected. Used to
227 * do multi transaction operations.
228 */
229 transaction_t *transaction_in_next;
230
231 /**
232 * Transaction which rekeys this IKE_SA, used do detect simultaneus rekeying
233 */
234 rekey_ike_sa_t *rekeying_transaction;
235 };
236
237 /**
238 * get the time of the latest traffic processed by the kernel
239 */
240 static time_t get_kernel_time(private_ike_sa_t* this, bool inbound)
241 {
242 iterator_t *iterator;
243 child_sa_t *child_sa;
244 time_t latest = 0, use_time;
245
246 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
247 while (iterator->iterate(iterator, (void**)&child_sa))
248 {
249 if (child_sa->get_use_time(child_sa, inbound, &use_time) == SUCCESS)
250 {
251 latest = max(latest, use_time);
252 }
253 }
254 iterator->destroy(iterator);
255
256 return latest;
257 }
258
259 /**
260 * get the time of the latest received traffice
261 */
262 static time_t get_time_inbound(private_ike_sa_t *this)
263 {
264 return max(this->time.inbound, get_kernel_time(this, TRUE));
265 }
266
267 /**
268 * get the time of the latest sent traffic
269 */
270 static time_t get_time_outbound(private_ike_sa_t *this)
271 {
272 return max(this->time.outbound, get_kernel_time(this, FALSE));
273 }
274
275 /**
276 * Implementation of ike_sa_t.get_name.
277 */
278 static char *get_name(private_ike_sa_t *this)
279 {
280 return this->name;
281 }
282
283 /**
284 * Implementation of ike_sa_t.set_name.
285 */
286 static void set_name(private_ike_sa_t *this, char* name)
287 {
288 free(this->name);
289 this->name = strdup(name);
290 }
291
292 /**
293 * Implementation of ike_sa_t.apply_connection.
294 */
295 static void apply_connection(private_ike_sa_t *this, connection_t *connection)
296 {
297 this->dpd_delay = connection->get_dpd_delay(connection);
298 this->retrans_sequences = connection->get_retrans_seq(connection);
299 }
300
301 /**
302 * Implementation of ike_sa_t.get_my_host.
303 */
304 static host_t *get_my_host(private_ike_sa_t *this)
305 {
306 return this->my_host;
307 }
308
309 /**
310 * Implementation of ike_sa_t.set_my_host.
311 */
312 static void set_my_host(private_ike_sa_t *this, host_t *me)
313 {
314 DESTROY_IF(this->my_host);
315 this->my_host = me;
316 }
317
318 /**
319 * Implementation of ike_sa_t.get_other_host.
320 */
321 static host_t *get_other_host(private_ike_sa_t *this)
322 {
323 return this->other_host;
324 }
325
326 /**
327 * Implementation of ike_sa_t.set_other_host.
328 */
329 static void set_other_host(private_ike_sa_t *this, host_t *other)
330 {
331 DESTROY_IF(this->other_host);
332 this->other_host = other;
333 }
334
335 /**
336 * Update connection host, as addresses may change (NAT)
337 */
338 static void update_hosts(private_ike_sa_t *this, host_t *me, host_t *other)
339 {
340 /*
341 * Quoting RFC 4306:
342 *
343 * 2.11. Address and Port Agility
344 *
345 * IKE runs over UDP ports 500 and 4500, and implicitly sets up ESP and
346 * AH associations for the same IP addresses it runs over. The IP
347 * addresses and ports in the outer header are, however, not themselves
348 * cryptographically protected, and IKE is designed to work even through
349 * Network Address Translation (NAT) boxes. An implementation MUST
350 * accept incoming requests even if the source port is not 500 or 4500,
351 * and MUST respond to the address and port from which the request was
352 * received. It MUST specify the address and port at which the request
353 * was received as the source address and port in the response. IKE
354 * functions identically over IPv4 or IPv6.
355 *
356 * [...]
357 *
358 * There are cases where a NAT box decides to remove mappings that
359 * are still alive (for example, the keepalive interval is too long,
360 * or the NAT box is rebooted). To recover in these cases, hosts
361 * that are not behind a NAT SHOULD send all packets (including
362 * retransmission packets) to the IP address and port from the last
363 * valid authenticated packet from the other end (i.e., dynamically
364 * update the address). A host behind a NAT SHOULD NOT do this
365 * because it opens a DoS attack possibility. Any authenticated IKE
366 * packet or any authenticated UDP-encapsulated ESP packet can be
367 * used to detect that the IP address or the port has changed.
368 */
369 iterator_t *iterator = NULL;
370 child_sa_t *child_sa = NULL;
371 host_diff_t my_diff, other_diff;
372
373 if (this->my_host->is_anyaddr(this->my_host) ||
374 this->other_host->is_anyaddr(this->other_host))
375 {
376 /* on first received message */
377 this->my_host->destroy(this->my_host);
378 this->my_host = me->clone(me);
379 this->other_host->destroy(this->other_host);
380 this->other_host = other->clone(other);
381 return;
382 }
383
384 my_diff = me->get_differences(me, this->my_host);
385 other_diff = other->get_differences(other, this->other_host);
386
387 if (!my_diff && !other_diff)
388 {
389 return;
390 }
391
392 if (my_diff)
393 {
394 this->my_host->destroy(this->my_host);
395 this->my_host = me->clone(me);
396 }
397
398 if (!this->nat_here)
399 {
400 /* update without restrictions if we are not NATted */
401 if (other_diff)
402 {
403 this->other_host->destroy(this->other_host);
404 this->other_host = other->clone(other);
405 }
406 }
407 else
408 {
409 /* if we are natted, only port may change */
410 if (other_diff & HOST_DIFF_ADDR)
411 {
412 return;
413 }
414 else if (other_diff & HOST_DIFF_PORT)
415 {
416 this->other_host->set_port(this->other_host, other->get_port(other));
417 }
418 }
419 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
420 while (iterator->iterate(iterator, (void**)&child_sa))
421 {
422 child_sa->update_hosts(child_sa, this->my_host, this->other_host,
423 my_diff, other_diff);
424 /* TODO: what to do if update fails? Delete CHILD_SA? */
425 }
426 iterator->destroy(iterator);
427 }
428
429 /**
430 * called when the peer is not responding anymore
431 */
432 static void dpd_detected(private_ike_sa_t *this)
433 {
434 /* check for childrens with dpdaction=hold */
435 connection_t *connection = NULL;
436 policy_t *policy;
437 linked_list_t *my_ts, *other_ts;
438 child_sa_t* child_sa;
439 dpd_action_t action;
440 job_t *job;
441
442 DBG2(SIG_DBG_IKE, "dead peer detected, handling CHILD_SAs dpd action");
443
444 while(this->child_sas->remove_first(this->child_sas,
445 (void**)&child_sa) == SUCCESS)
446 {
447 /* get the policy which belongs to this CHILD */
448 my_ts = child_sa->get_my_traffic_selectors(child_sa);
449 other_ts = child_sa->get_other_traffic_selectors(child_sa);
450 policy = charon->policies->get_policy(charon->policies,
451 this->my_id, this->other_id,
452 my_ts, other_ts,
453 this->my_host, this->other_host);
454 if (policy == NULL)
455 {
456 SIG(SIG_CHILD_FAILED, "no policy for CHILD to handle DPD");
457 continue;
458 }
459
460 action = policy->get_dpd_action(policy);
461 /* get a connection for further actions */
462 if (connection == NULL &&
463 (action == DPD_ROUTE || action == DPD_RESTART))
464 {
465 connection = charon->connections->get_connection_by_hosts(
466 charon->connections,
467 this->my_host, this->other_host);
468 if (connection == NULL)
469 {
470 SIG(SIG_IKE_FAILED, "no connection found to handle DPD");
471 break;
472 }
473 }
474
475 DBG1(SIG_DBG_IKE, "dpd action for %s is %N",
476 policy->get_name(policy), dpd_action_names, action);
477
478 switch (action)
479 {
480 case DPD_ROUTE:
481 connection->get_ref(connection);
482 job = (job_t*)route_job_create(connection, policy, TRUE);
483 charon->job_queue->add(charon->job_queue, job);
484 break;
485 case DPD_RESTART:
486 connection->get_ref(connection);
487 job = (job_t*)initiate_job_create(connection, policy);
488 charon->job_queue->add(charon->job_queue, job);
489 break;
490 default:
491 policy->destroy(policy);
492 break;
493 }
494 child_sa->destroy(child_sa);
495 }
496 DESTROY_IF(connection);
497 }
498
499 /**
500 * send a request and schedule retransmission
501 */
502 static status_t transmit_request(private_ike_sa_t *this)
503 {
504 message_t *request;
505 packet_t *packet;
506 status_t status;
507 retransmit_request_job_t *job;
508 u_int32_t transmitted;
509 u_int32_t timeout;
510 transaction_t *transaction = this->transaction_out;
511 u_int32_t message_id;
512
513 transmitted = transaction->requested(transaction);
514 timeout = charon->configuration->get_retransmit_timeout(charon->configuration,
515 transmitted,
516 this->retrans_sequences);
517 if (timeout == 0)
518 {
519 SIG(SIG_IKE_FAILED, "giving up after %d retransmits, deleting IKE_SA",
520 transmitted - 1);
521 dpd_detected(this);
522 return DESTROY_ME;
523 }
524
525 status = transaction->get_request(transaction, &request);
526 if (status != SUCCESS)
527 {
528 /* generating request failed */
529 return status;
530 }
531 message_id = transaction->get_message_id(transaction);
532 /* if we retransmit, the request is already generated */
533 if (transmitted == 0)
534 {
535 status = request->generate(request, this->crypter_out, this->signer_out, &packet);
536 if (status != SUCCESS)
537 {
538 DBG1(SIG_DBG_IKE, "request generation failed. transaction discarded");
539 return FAILED;
540 }
541 }
542 else
543 {
544 DBG1(SIG_DBG_IKE, "sending retransmit %d for %N request with messageID %d",
545 transmitted, exchange_type_names, request->get_exchange_type(request),
546 message_id);
547 packet = request->get_packet(request);
548 }
549 /* finally send */
550 charon->send_queue->add(charon->send_queue, packet);
551 this->time.outbound = time(NULL);
552
553 /* schedule retransmission job */
554 job = retransmit_request_job_create(message_id, this->ike_sa_id);
555 charon->event_queue->add_relative(charon->event_queue, (job_t*)job, timeout);
556 return SUCCESS;
557 }
558
559 /**
560 * Implementation of ike_sa.retransmit_request.
561 */
562 static status_t retransmit_request(private_ike_sa_t *this, u_int32_t message_id)
563 {
564 if (this->transaction_out == NULL ||
565 this->transaction_out->get_message_id(this->transaction_out) != message_id)
566 {
567 /* no retransmit necessary, transaction did already complete */
568 return SUCCESS;
569 }
570 return transmit_request(this);
571 }
572
573 /**
574 * Check for transactions in the queue and initiate the first transaction found.
575 */
576 static status_t process_transaction_queue(private_ike_sa_t *this)
577 {
578 if (this->transaction_out)
579 {
580 /* already a transaction in progress */
581 return SUCCESS;
582 }
583
584 while (TRUE)
585 {
586 if (this->transaction_queue->remove_first(this->transaction_queue,
587 (void**)&this->transaction_out) != SUCCESS)
588 {
589 /* transaction queue empty */
590 return SUCCESS;
591 }
592 switch (transmit_request(this))
593 {
594 case SUCCESS:
595 return SUCCESS;
596 case DESTROY_ME:
597 /* critical, IKE_SA unusable, destroy immediately */
598 return DESTROY_ME;
599 default:
600 /* discard transaction, process next one */
601 this->transaction_out->destroy(this->transaction_out);
602 this->transaction_out = NULL;
603 /* handle next transaction */
604 continue;
605 }
606 }
607 }
608
609 /**
610 * Queue a new transaction and execute the next outstanding transaction
611 */
612 static status_t queue_transaction(private_ike_sa_t *this, transaction_t *transaction, bool prefer)
613 {
614 /* inject next transaction */
615 if (transaction)
616 {
617 if (prefer)
618 {
619 this->transaction_queue->insert_first(this->transaction_queue, transaction);
620 }
621 else
622 {
623 this->transaction_queue->insert_last(this->transaction_queue, transaction);
624 }
625 }
626 /* process a transaction */
627 return process_transaction_queue(this);
628 }
629
630 /**
631 * process an incoming request.
632 */
633 static status_t process_request(private_ike_sa_t *this, message_t *request)
634 {
635 transaction_t *last, *current = NULL;
636 message_t *response;
637 packet_t *packet;
638 u_int32_t request_mid;
639 status_t status;
640
641 request_mid = request->get_message_id(request);
642 last = this->transaction_in;
643
644 /* check if message ID is correct */
645 if (last)
646 {
647 u_int32_t last_mid = last->get_message_id(last);
648
649 if (last_mid == request_mid)
650 {
651 /* retransmit detected */
652 DBG1(SIG_DBG_IKE, "received retransmitted request for message "
653 "ID %d, retransmitting response", request_mid);
654 last->get_response(last, request, &response, &this->transaction_in_next);
655 packet = response->get_packet(response);
656 charon->send_queue->add(charon->send_queue, packet);
657 this->time.outbound = time(NULL);
658 return SUCCESS;
659 }
660
661 if (last_mid > request_mid)
662 {
663 /* something seriously wrong here, message id may not decrease */
664 DBG1(SIG_DBG_IKE, "received request with message ID %d, "
665 "excepted %d, ingored", request_mid, last_mid + 1);
666 return FAILED;
667 }
668 /* we allow jumps in message IDs, as long as they are incremental */
669 if (last_mid + 1 < request_mid)
670 {
671 DBG1(SIG_DBG_IKE, "received request with message ID %d, excepted %d",
672 request_mid, last_mid + 1);
673 }
674 }
675 else
676 {
677 if (request_mid != 0)
678 {
679 /* warn, but allow it */
680 DBG1(SIG_DBG_IKE, "first received request has message ID %d, "
681 "excepted 0", request_mid);
682 }
683 }
684
685 /* check if we already have a pre-created transaction for this request */
686 if (this->transaction_in_next)
687 {
688 current = this->transaction_in_next;
689 this->transaction_in_next = NULL;
690 }
691 else
692 {
693 current = transaction_create(&this->public, request);
694 if (current == NULL)
695 {
696 DBG1(SIG_DBG_IKE, "no idea how to handle received message (exchange"
697 " type %d), ignored", request->get_exchange_type(request));
698 return FAILED;
699 }
700 }
701
702 /* send message. get_request() always gives a valid response */
703 status = current->get_response(current, request, &response, &this->transaction_in_next);
704 if (response->generate(response, this->crypter_out, this->signer_out, &packet) != SUCCESS)
705 {
706 DBG1(SIG_DBG_IKE, "response generation failed, discarding transaction");
707 current->destroy(current);
708 return FAILED;
709 }
710
711 charon->send_queue->add(charon->send_queue, packet);
712 this->time.outbound = time(NULL);
713 /* act depending on transaction result */
714 switch (status)
715 {
716 case DESTROY_ME:
717 /* transactions says we should destroy the IKE_SA, so do it */
718 current->destroy(current);
719 return DESTROY_ME;
720 default:
721 /* store for retransmission, destroy old transaction */
722 this->transaction_in = current;
723 if (last)
724 {
725 last->destroy(last);
726 }
727 return SUCCESS;
728 }
729 }
730
731 /**
732 * process an incoming response
733 */
734 static status_t process_response(private_ike_sa_t *this, message_t *response)
735 {
736 transaction_t *current, *new = NULL;
737
738 current = this->transaction_out;
739 /* check if message ID is that of our currently active transaction */
740 if (current == NULL ||
741 current->get_message_id(current) != response->get_message_id(response))
742 {
743 DBG1(SIG_DBG_IKE, "received response with message ID %d "
744 "not requested, ignored", response->get_message_id(response));
745 return FAILED;
746 }
747
748 switch (current->conclude(current, response, &new))
749 {
750 case DESTROY_ME:
751 /* state requested to destroy IKE_SA */
752 return DESTROY_ME;
753 default:
754 /* discard transaction, process next one */
755 break;
756 }
757 /* transaction comleted, remove */
758 current->destroy(current);
759 this->transaction_out = NULL;
760
761 /* queue new transaction */
762 return queue_transaction(this, new, TRUE);
763 }
764
765 /**
766 * send a notify back to the sender
767 */
768 static void send_notify_response(private_ike_sa_t *this,
769 message_t *request,
770 notify_type_t type)
771 {
772 notify_payload_t *notify;
773 message_t *response;
774 host_t *src, *dst;
775 packet_t *packet;
776
777 response = message_create();
778 dst = request->get_source(request);
779 src = request->get_destination(request);
780 response->set_source(response, src->clone(src));
781 response->set_destination(response, dst->clone(dst));
782 response->set_exchange_type(response, request->get_exchange_type(request));
783 response->set_request(response, FALSE);
784 response->set_message_id(response, request->get_message_id(request));
785 response->set_ike_sa_id(response, this->ike_sa_id);
786 notify = notify_payload_create_from_protocol_and_type(PROTO_NONE, type);
787 response->add_payload(response, (payload_t *)notify);
788 if (response->generate(response, this->crypter_out, this->signer_out, &packet) != SUCCESS)
789 {
790 response->destroy(response);
791 return;
792 }
793 charon->send_queue->add(charon->send_queue, packet);
794 this->time.outbound = time(NULL);
795 response->destroy(response);
796 return;
797 }
798
799
800 /**
801 * Implementation of ike_sa_t.process_message.
802 */
803 static status_t process_message(private_ike_sa_t *this, message_t *message)
804 {
805 status_t status;
806 bool is_request;
807
808 is_request = message->get_request(message);
809
810 status = message->parse_body(message, this->crypter_in, this->signer_in);
811 if (status != SUCCESS)
812 {
813
814 if (is_request)
815 {
816 switch (status)
817 {
818 case NOT_SUPPORTED:
819 DBG1(SIG_DBG_IKE, "ciritcal unknown payloads found");
820 if (is_request)
821 {
822 send_notify_response(this, message, UNSUPPORTED_CRITICAL_PAYLOAD);
823 }
824 break;
825 case PARSE_ERROR:
826 DBG1(SIG_DBG_IKE, "message parsing failed");
827 if (is_request)
828 {
829 send_notify_response(this, message, INVALID_SYNTAX);
830 }
831 break;
832 case VERIFY_ERROR:
833 DBG1(SIG_DBG_IKE, "message verification failed");
834 if (is_request)
835 {
836 send_notify_response(this, message, INVALID_SYNTAX);
837 }
838 break;
839 case FAILED:
840 DBG1(SIG_DBG_IKE, "integrity check failed");
841 /* ignored */
842 break;
843 case INVALID_STATE:
844 DBG1(SIG_DBG_IKE, "found encrypted message, but no keys available");
845 if (is_request)
846 {
847 send_notify_response(this, message, INVALID_SYNTAX);
848 }
849 default:
850 break;
851 }
852 }
853 DBG1(SIG_DBG_IKE, "%N %s with message ID %d processing failed",
854 exchange_type_names, message->get_exchange_type(message),
855 message->get_request(message) ? "request" : "response",
856 message->get_message_id(message));
857 }
858 else
859 {
860 /* check if message is trustworthy, and update connection information */
861 if (this->state == IKE_CREATED ||
862 message->get_exchange_type(message) != IKE_SA_INIT)
863 {
864 update_hosts(this, message->get_destination(message),
865 message->get_source(message));
866 this->time.inbound = time(NULL);
867 }
868 if (is_request)
869 {
870 status = process_request(this, message);
871 }
872 else
873 {
874 status = process_response(this, message);
875 }
876 }
877 return status;
878 }
879
880 /**
881 * Implementation of ike_sa_t.initiate.
882 */
883 static status_t initiate(private_ike_sa_t *this,
884 connection_t *connection, policy_t *policy)
885 {
886 switch (this->state)
887 {
888 case IKE_CREATED:
889 {
890 /* in state CREATED, we must do the ike_sa_init
891 * and ike_auth transactions. Along with these,
892 * a CHILD_SA with the supplied policy is set up.
893 */
894 ike_sa_init_t *ike_sa_init;
895
896 SIG(SIG_INITIATE, "initiating new IKE_SA for CHILD_SA");
897 DESTROY_IF(this->my_host);
898 this->my_host = connection->get_my_host(connection);
899 this->my_host = this->my_host->clone(this->my_host);
900 DESTROY_IF(this->other_host);
901 this->other_host = connection->get_other_host(connection);
902 this->other_host = this->other_host->clone(this->other_host);
903 this->retrans_sequences = connection->get_retrans_seq(connection);
904 this->dpd_delay = connection->get_dpd_delay(connection);
905
906 if (this->other_host->is_anyaddr(this->other_host))
907 {
908 SIG(SIG_IKE_FAILED,
909 "can not initiate a connection to %%any, aborting");
910 SIG(SIG_CHILD_FAILED,
911 "unable to create an IKE_SA to instantiate policy");
912 policy->destroy(policy);
913 connection->destroy(connection);
914 return DESTROY_ME;
915 }
916
917 this->message_id_out = 1;
918 ike_sa_init = ike_sa_init_create(&this->public);
919 ike_sa_init->set_config(ike_sa_init, connection, policy);
920 return queue_transaction(this, (transaction_t*)ike_sa_init, TRUE);
921 }
922 case IKE_DELETING:
923 case IKE_REKEYING:
924 {
925 /* if we are in DELETING/REKEYING, we deny set up of a policy.
926 * TODO: would it make sense to queue the transaction and adopt
927 * it all transactions to the new IKE_SA? */
928 SIG(SIG_CHILD_FAILED,
929 "creating CHILD_SA discarded, as IKE_SA is in state %N",
930 ike_sa_state_names, this->state);
931 policy->destroy(policy);
932 connection->destroy(connection);
933 return FAILED;
934 }
935 case IKE_CONNECTING:
936 case IKE_ESTABLISHED:
937 {
938 /* if we are ESTABLISHED or CONNECTING, we queue the
939 * transaction to create the CHILD_SA. It gets processed
940 * when the IKE_SA is ready to do so. We don't need the
941 * connection, as the IKE_SA is already established/establishing.
942 */
943 create_child_sa_t *create_child;
944
945 SIG(SIG_INITIATE, "creating CHILD_SA in existing IKE_SA");
946 connection->destroy(connection);
947 create_child = create_child_sa_create(&this->public);
948 create_child->set_policy(create_child, policy);
949 return queue_transaction(this, (transaction_t*)create_child, FALSE);
950 }
951 }
952 return FAILED;
953 }
954
955 /**
956 * Implementation of ike_sa_t.acquire.
957 */
958 static status_t acquire(private_ike_sa_t *this, u_int32_t reqid)
959 {
960 connection_t *connection;
961 policy_t *policy;
962 iterator_t *iterator;
963 child_sa_t *current, *child_sa = NULL;
964 linked_list_t *my_ts, *other_ts;
965
966 if (this->state == IKE_DELETING)
967 {
968 SIG(SIG_CHILD_FAILED, "acquiring CHILD_SA (reqid %d) failed: "
969 "IKE_SA is deleting", reqid);
970 return FAILED;
971 }
972
973 /* find CHILD_SA */
974 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
975 while (iterator->iterate(iterator, (void**)&current))
976 {
977 if (current->get_reqid(current) == reqid)
978 {
979 child_sa = current;
980 break;
981 }
982 }
983 iterator->destroy(iterator);
984 if (!child_sa)
985 {
986 SIG(SIG_CHILD_FAILED, "acquiring CHILD_SA (reqid %d) failed: "
987 "CHILD_SA not found", reqid);
988 return FAILED;
989 }
990 my_ts = child_sa->get_my_traffic_selectors(child_sa);
991 other_ts = child_sa->get_other_traffic_selectors(child_sa);
992
993 policy = charon->policies->get_policy(charon->policies,
994 this->my_id, this->other_id,
995 my_ts, other_ts,
996 this->my_host, this->other_host);
997 if (policy == NULL)
998 {
999 SIG(SIG_CHILD_FAILED, "acquiring CHILD_SA (reqid %d) failed: "
1000 "no policy found", reqid);
1001 return FAILED;
1002 }
1003
1004 switch (this->state)
1005 {
1006 case IKE_CREATED:
1007 {
1008 ike_sa_init_t *ike_sa_init;
1009
1010 DBG1(SIG_DBG_CHD,
1011 "acquiring CHILD_SA with reqid %d, IKE_SA setup needed", reqid);
1012
1013 connection = charon->connections->get_connection_by_hosts(
1014 charon->connections, this->my_host, this->other_host);
1015
1016 if (connection == NULL)
1017 {
1018 SIG(SIG_CHILD_FAILED, "acquiring CHILD_SA "
1019 "(reqid %d) failed: no connection found for IKE_SA", reqid);
1020 policy->destroy(policy);
1021 return FAILED;
1022 }
1023
1024 this->message_id_out = 1;
1025 ike_sa_init = ike_sa_init_create(&this->public);
1026 ike_sa_init->set_config(ike_sa_init, connection, policy);
1027 /* reuse existing reqid */
1028 ike_sa_init->set_reqid(ike_sa_init, reqid);
1029 return queue_transaction(this, (transaction_t*)ike_sa_init, TRUE);
1030 }
1031 case IKE_CONNECTING:
1032 case IKE_ESTABLISHED:
1033 {
1034 create_child_sa_t *create_child;
1035
1036 DBG1(SIG_DBG_CHD, "acquiring CHILD_SA with reqid %d", reqid);
1037
1038 create_child = create_child_sa_create(&this->public);
1039 create_child->set_policy(create_child, policy);
1040 /* reuse existing reqid */
1041 create_child->set_reqid(create_child, reqid);
1042 return queue_transaction(this, (transaction_t*)create_child, FALSE);
1043 }
1044 default:
1045 break;
1046 }
1047 return FAILED;
1048 }
1049
1050 /**
1051 * compare two lists of traffic selectors for equality
1052 */
1053 static bool ts_list_equals(linked_list_t *l1, linked_list_t *l2)
1054 {
1055 bool equals = TRUE;
1056 iterator_t *i1, *i2;
1057 traffic_selector_t *t1, *t2;
1058
1059 if (l1->get_count(l1) != l2->get_count(l2))
1060 {
1061 return FALSE;
1062 }
1063
1064 i1 = l1->create_iterator(l1, TRUE);
1065 i2 = l2->create_iterator(l2, TRUE);
1066 while (i1->iterate(i1, (void**)&t1) && i2->iterate(i2, (void**)&t2))
1067 {
1068 if (!t1->equals(t1, t2))
1069 {
1070 equals = FALSE;
1071 break;
1072 }
1073 }
1074 i1->destroy(i1);
1075 i2->destroy(i2);
1076 return equals;
1077 }
1078
1079 /**
1080 * Implementation of ike_sa_t.route.
1081 */
1082 static status_t route(private_ike_sa_t *this, connection_t *connection, policy_t *policy)
1083 {
1084 child_sa_t *child_sa = NULL;
1085 iterator_t *iterator;
1086 linked_list_t *my_ts, *other_ts;
1087 status_t status;
1088
1089 /* check if not already routed*/
1090 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1091 while (iterator->iterate(iterator, (void**)&child_sa))
1092 {
1093 if (child_sa->get_state(child_sa) == CHILD_ROUTED)
1094 {
1095 linked_list_t *my_ts_conf, *other_ts_conf;
1096
1097 my_ts = child_sa->get_my_traffic_selectors(child_sa);
1098 other_ts = child_sa->get_other_traffic_selectors(child_sa);
1099
1100 my_ts_conf = policy->get_my_traffic_selectors(policy, this->my_host);
1101 other_ts_conf = policy->get_other_traffic_selectors(policy, this->other_host);
1102
1103 if (ts_list_equals(my_ts, my_ts_conf) &&
1104 ts_list_equals(other_ts, other_ts_conf))
1105 {
1106 iterator->destroy(iterator);
1107 my_ts_conf->destroy_offset(my_ts_conf, offsetof(traffic_selector_t, destroy));
1108 other_ts_conf->destroy_offset(other_ts_conf, offsetof(traffic_selector_t, destroy));
1109 SIG(SIG_CHILD_FAILED, "CHILD_SA with such a policy "
1110 "already routed");
1111 return FAILED;
1112 }
1113 my_ts_conf->destroy_offset(my_ts_conf, offsetof(traffic_selector_t, destroy));
1114 other_ts_conf->destroy_offset(other_ts_conf, offsetof(traffic_selector_t, destroy));
1115 }
1116 }
1117 iterator->destroy(iterator);
1118
1119 switch (this->state)
1120 {
1121 case IKE_CREATED:
1122 case IKE_CONNECTING:
1123 /* we update IKE_SA information as good as possible,
1124 * this allows us to set up the SA later when an acquire comes in. */
1125 if (this->my_id->get_type(this->my_id) == ID_ANY)
1126 {
1127 this->my_id->destroy(this->my_id);
1128 this->my_id = policy->get_my_id(policy);
1129 this->my_id = this->my_id->clone(this->my_id);
1130 }
1131 if (this->other_id->get_type(this->other_id) == ID_ANY)
1132 {
1133 this->other_id->destroy(this->other_id);
1134 this->other_id = policy->get_other_id(policy);
1135 this->other_id = this->other_id->clone(this->other_id);
1136 }
1137 if (this->my_host->is_anyaddr(this->my_host))
1138 {
1139 this->my_host->destroy(this->my_host);
1140 this->my_host = connection->get_my_host(connection);
1141 this->my_host = this->my_host->clone(this->my_host);
1142 }
1143 if (this->other_host->is_anyaddr(this->other_host))
1144 {
1145 this->other_host->destroy(this->other_host);
1146 this->other_host = connection->get_other_host(connection);
1147 this->other_host = this->other_host->clone(this->other_host);
1148 }
1149 set_name(this, connection->get_name(connection));
1150 this->retrans_sequences = connection->get_retrans_seq(connection);
1151 this->dpd_delay = connection->get_dpd_delay(connection);
1152 break;
1153 case IKE_ESTABLISHED:
1154 case IKE_REKEYING:
1155 /* nothing to do. We allow it for rekeying, as it will be
1156 * adopted by the new IKE_SA */
1157 break;
1158 case IKE_DELETING:
1159 SIG(SIG_CHILD_FAILED, "CHILD_SA with such a policy "
1160 "already routed");
1161 return FAILED;
1162 }
1163
1164 child_sa = child_sa_create(0, this->my_host, this->other_host,
1165 this->my_id, this->other_id,
1166 0, 0,
1167 NULL, policy->get_hostaccess(policy),
1168 FALSE);
1169 child_sa->set_name(child_sa, policy->get_name(policy));
1170 my_ts = policy->get_my_traffic_selectors(policy, this->my_host);
1171 other_ts = policy->get_other_traffic_selectors(policy, this->other_host);
1172 status = child_sa->add_policies(child_sa, my_ts, other_ts);
1173 my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy));
1174 other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy));
1175 this->child_sas->insert_last(this->child_sas, child_sa);
1176 SIG(SIG_CHILD_ROUTE,
1177 "CHILD_SA routed: %R...%R", my_ts, other_ts);
1178 return status;
1179 }
1180
1181 /**
1182 * Implementation of ike_sa_t.unroute.
1183 */
1184 static status_t unroute(private_ike_sa_t *this, policy_t *policy)
1185 {
1186 iterator_t *iterator;
1187 child_sa_t *child_sa = NULL;
1188 linked_list_t *my_ts, *other_ts, *my_ts_conf, *other_ts_conf;
1189
1190 /* find CHILD_SA in ROUTED state */
1191 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1192 while (iterator->iterate(iterator, (void**)&child_sa))
1193 {
1194 if (child_sa->get_state(child_sa) == CHILD_ROUTED)
1195 {
1196 my_ts = child_sa->get_my_traffic_selectors(child_sa);
1197 other_ts = child_sa->get_other_traffic_selectors(child_sa);
1198
1199 my_ts_conf = policy->get_my_traffic_selectors(policy, this->my_host);
1200 other_ts_conf = policy->get_other_traffic_selectors(policy, this->other_host);
1201
1202 if (ts_list_equals(my_ts, my_ts_conf) &&
1203 ts_list_equals(other_ts, other_ts_conf))
1204 {
1205 iterator->remove(iterator);
1206 SIG(SIG_CHILD_UNROUTE, "CHILD_SA unrouted");
1207 child_sa->destroy(child_sa);
1208 my_ts_conf->destroy_offset(my_ts_conf, offsetof(traffic_selector_t, destroy));
1209 other_ts_conf->destroy_offset(other_ts_conf, offsetof(traffic_selector_t, destroy));
1210 break;
1211 }
1212 my_ts_conf->destroy_offset(my_ts_conf, offsetof(traffic_selector_t, destroy));
1213 other_ts_conf->destroy_offset(other_ts_conf, offsetof(traffic_selector_t, destroy));
1214 }
1215 }
1216 iterator->destroy(iterator);
1217 /* if we are not established, and we have no more routed childs, remove whole SA */
1218 if (this->state == IKE_CREATED &&
1219 this->child_sas->get_count(this->child_sas) == 0)
1220 {
1221 return DESTROY_ME;
1222 }
1223 return SUCCESS;
1224 }
1225
1226 /**
1227 * Implementation of ike_sa_t.send_dpd
1228 */
1229 static status_t send_dpd(private_ike_sa_t *this)
1230 {
1231 send_dpd_job_t *job;
1232 time_t diff;
1233
1234 if (this->dpd_delay == 0)
1235 {
1236 /* DPD disabled */
1237 return SUCCESS;
1238 }
1239
1240 if (this->transaction_out)
1241 {
1242 /* there is a transaction in progress. Come back later */
1243 diff = 0;
1244 }
1245 else
1246 {
1247 /* check if there was any inbound traffic */
1248 time_t last_in, now;
1249 last_in = get_time_inbound(this);
1250 now = time(NULL);
1251 diff = now - last_in;
1252 if (diff >= this->dpd_delay)
1253 {
1254 /* to long ago, initiate dead peer detection */
1255 dead_peer_detection_t *dpd;
1256 DBG1(SIG_DBG_IKE, "sending DPD request");
1257 dpd = dead_peer_detection_create(&this->public);
1258 queue_transaction(this, (transaction_t*)dpd, FALSE);
1259 diff = 0;
1260 }
1261 }
1262 /* recheck in "interval" seconds */
1263 job = send_dpd_job_create(this->ike_sa_id);
1264 charon->event_queue->add_relative(charon->event_queue, (job_t*)job,
1265 (this->dpd_delay - diff) * 1000);
1266 return SUCCESS;
1267 }
1268
1269 /**
1270 * Implementation of ike_sa_t.send_keepalive
1271 */
1272 static void send_keepalive(private_ike_sa_t *this)
1273 {
1274 send_keepalive_job_t *job;
1275 time_t last_out, now, diff, interval;
1276
1277 last_out = get_time_outbound(this);
1278 now = time(NULL);
1279
1280 diff = now - last_out;
1281 interval = charon->configuration->get_keepalive_interval(charon->configuration);
1282
1283 if (diff >= interval)
1284 {
1285 packet_t *packet;
1286 chunk_t data;
1287
1288 packet = packet_create();
1289 packet->set_source(packet, this->my_host->clone(this->my_host));
1290 packet->set_destination(packet, this->other_host->clone(this->other_host));
1291 data.ptr = malloc(1);
1292 data.ptr[0] = 0xFF;
1293 data.len = 1;
1294 packet->set_data(packet, data);
1295 charon->send_queue->add(charon->send_queue, packet);
1296 DBG1(SIG_DBG_IKE, "sending keep alive");
1297 diff = 0;
1298 }
1299 job = send_keepalive_job_create(this->ike_sa_id);
1300 charon->event_queue->add_relative(charon->event_queue, (job_t*)job,
1301 (interval - diff) * 1000);
1302 }
1303
1304 /**
1305 * Implementation of ike_sa_t.get_state.
1306 */
1307 static ike_sa_state_t get_state(private_ike_sa_t *this)
1308 {
1309 return this->state;
1310 }
1311
1312 /**
1313 * Implementation of ike_sa_t.set_state.
1314 */
1315 static void set_state(private_ike_sa_t *this, ike_sa_state_t state)
1316 {
1317 DBG1(SIG_DBG_IKE, "state change: %N => %N",
1318 ike_sa_state_names, this->state,
1319 ike_sa_state_names, state);
1320
1321 if (state == IKE_ESTABLISHED)
1322 {
1323 this->time.established = time(NULL);
1324 /* start DPD checks */
1325 send_dpd(this);
1326
1327 SIG(SIG_IKE_UP, "IKE_SA established: %H[%D]...%H[%D]",
1328 this->my_host, this->my_id, this->other_host, this->other_id);
1329 }
1330
1331 this->state = state;
1332 }
1333
1334 /**
1335 * Implementation of ike_sa_t.get_prf.
1336 */
1337 static prf_t *get_prf(private_ike_sa_t *this)
1338 {
1339 return this->prf;
1340 }
1341
1342 /**
1343 * Implementation of ike_sa_t.get_prf.
1344 */
1345 static prf_t *get_child_prf(private_ike_sa_t *this)
1346 {
1347 return this->child_prf;
1348 }
1349
1350 /**
1351 * Implementation of ike_sa_t.get_prf_auth_i.
1352 */
1353 static prf_t *get_prf_auth_i(private_ike_sa_t *this)
1354 {
1355 return this->prf_auth_i;
1356 }
1357
1358 /**
1359 * Implementation of ike_sa_t.get_prf_auth_r.
1360 */
1361 static prf_t *get_prf_auth_r(private_ike_sa_t *this)
1362 {
1363 return this->prf_auth_r;
1364 }
1365
1366 /**
1367 * Implementation of ike_sa_t.get_id.
1368 */
1369 static ike_sa_id_t* get_id(private_ike_sa_t *this)
1370 {
1371 return this->ike_sa_id;
1372 }
1373
1374 /**
1375 * Implementation of ike_sa_t.get_my_id.
1376 */
1377 static identification_t* get_my_id(private_ike_sa_t *this)
1378 {
1379 return this->my_id;
1380 }
1381
1382 /**
1383 * Implementation of ike_sa_t.set_my_id.
1384 */
1385 static void set_my_id(private_ike_sa_t *this, identification_t *me)
1386 {
1387 DESTROY_IF(this->my_id);
1388 this->my_id = me;
1389 }
1390
1391 /**
1392 * Implementation of ike_sa_t.get_other_id.
1393 */
1394 static identification_t* get_other_id(private_ike_sa_t *this)
1395 {
1396 return this->other_id;
1397 }
1398
1399 /**
1400 * Implementation of ike_sa_t.set_other_id.
1401 */
1402 static void set_other_id(private_ike_sa_t *this, identification_t *other)
1403 {
1404 DESTROY_IF(this->other_id);
1405 this->other_id = other;
1406 }
1407
1408 /**
1409 * Implementation of ike_sa_t.derive_keys.
1410 */
1411 static status_t derive_keys(private_ike_sa_t *this,
1412 proposal_t *proposal, diffie_hellman_t *dh,
1413 chunk_t nonce_i, chunk_t nonce_r,
1414 bool initiator, prf_t *child_prf, prf_t *old_prf)
1415 {
1416 prf_plus_t *prf_plus;
1417 chunk_t skeyseed, secret, key, nonces, prf_plus_seed;
1418 algorithm_t *algo;
1419 size_t key_size;
1420 crypter_t *crypter_i, *crypter_r;
1421 signer_t *signer_i, *signer_r;
1422 u_int8_t spi_i_buf[sizeof(u_int64_t)], spi_r_buf[sizeof(u_int64_t)];
1423 chunk_t spi_i = chunk_from_buf(spi_i_buf);
1424 chunk_t spi_r = chunk_from_buf(spi_r_buf);
1425
1426 /* Create SAs general purpose PRF first, we may use it here */
1427 if (!proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo))
1428 {
1429 DBG1(SIG_DBG_IKE, "key derivation failed: no PSEUDO_RANDOM_FUNCTION");;
1430 return FAILED;
1431 }
1432 this->prf = prf_create(algo->algorithm);
1433 if (this->prf == NULL)
1434 {
1435 DBG1(SIG_DBG_IKE, "key derivation failed: PSEUDO_RANDOM_FUNCTION "
1436 "%N not supported!", pseudo_random_function_names, algo->algorithm);
1437 return FAILED;
1438 }
1439
1440 dh->get_shared_secret(dh, &secret);
1441 DBG4(SIG_DBG_IKE, "shared Diffie Hellman secret %B", &secret);
1442 nonces = chunk_cat("cc", nonce_i, nonce_r);
1443 *((u_int64_t*)spi_i.ptr) = this->ike_sa_id->get_initiator_spi(this->ike_sa_id);
1444 *((u_int64_t*)spi_r.ptr) = this->ike_sa_id->get_responder_spi(this->ike_sa_id);
1445 prf_plus_seed = chunk_cat("ccc", nonces, spi_i, spi_r);
1446
1447 /* KEYMAT = prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr)
1448 *
1449 * if we are rekeying, SKEYSEED built on another way
1450 */
1451 if (child_prf == NULL) /* not rekeying */
1452 {
1453 /* SKEYSEED = prf(Ni | Nr, g^ir) */
1454 this->prf->set_key(this->prf, nonces);
1455 this->prf->allocate_bytes(this->prf, secret, &skeyseed);
1456 DBG4(SIG_DBG_IKE, "SKEYSEED %B", &skeyseed);
1457 this->prf->set_key(this->prf, skeyseed);
1458 chunk_free(&skeyseed);
1459 chunk_free(&secret);
1460 prf_plus = prf_plus_create(this->prf, prf_plus_seed);
1461 }
1462 else
1463 {
1464 /* SKEYSEED = prf(SK_d (old), [g^ir (new)] | Ni | Nr)
1465 * use OLD SAs PRF functions for both prf_plus and prf */
1466 secret = chunk_cat("mc", secret, nonces);
1467 child_prf->allocate_bytes(child_prf, secret, &skeyseed);
1468 DBG4(SIG_DBG_IKE, "SKEYSEED %B", &skeyseed);
1469 old_prf->set_key(old_prf, skeyseed);
1470 chunk_free(&skeyseed);
1471 chunk_free(&secret);
1472 prf_plus = prf_plus_create(old_prf, prf_plus_seed);
1473 }
1474 chunk_free(&nonces);
1475 chunk_free(&prf_plus_seed);
1476
1477 /* KEYMAT = SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr */
1478
1479 /* SK_d is used for generating CHILD_SA key mat => child_prf */
1480 proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo);
1481 this->child_prf = prf_create(algo->algorithm);
1482 key_size = this->child_prf->get_key_size(this->child_prf);
1483 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1484 DBG4(SIG_DBG_IKE, "Sk_d secret %B", &key);
1485 this->child_prf->set_key(this->child_prf, key);
1486 chunk_free(&key);
1487
1488 /* SK_ai/SK_ar used for integrity protection => signer_in/signer_out */
1489 if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &algo))
1490 {
1491 DBG1(SIG_DBG_IKE, "key derivation failed: no INTEGRITY_ALGORITHM");
1492 return FAILED;
1493 }
1494 signer_i = signer_create(algo->algorithm);
1495 signer_r = signer_create(algo->algorithm);
1496 if (signer_i == NULL || signer_r == NULL)
1497 {
1498 DBG1(SIG_DBG_IKE, "key derivation failed: INTEGRITY_ALGORITHM "
1499 "%N not supported!", integrity_algorithm_names ,algo->algorithm);
1500 return FAILED;
1501 }
1502 key_size = signer_i->get_key_size(signer_i);
1503
1504 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1505 DBG4(SIG_DBG_IKE, "Sk_ai secret %B", &key);
1506 signer_i->set_key(signer_i, key);
1507 chunk_free(&key);
1508
1509 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1510 DBG4(SIG_DBG_IKE, "Sk_ar secret %B", &key);
1511 signer_r->set_key(signer_r, key);
1512 chunk_free(&key);
1513
1514 if (initiator)
1515 {
1516 this->signer_in = signer_r;
1517 this->signer_out = signer_i;
1518 }
1519 else
1520 {
1521 this->signer_in = signer_i;
1522 this->signer_out = signer_r;
1523 }
1524
1525 /* SK_ei/SK_er used for encryption => crypter_in/crypter_out */
1526 if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &algo))
1527 {
1528 DBG1(SIG_DBG_IKE, "key derivation failed: no ENCRYPTION_ALGORITHM");
1529 return FAILED;
1530 }
1531 crypter_i = crypter_create(algo->algorithm, algo->key_size / 8);
1532 crypter_r = crypter_create(algo->algorithm, algo->key_size / 8);
1533 if (crypter_i == NULL || crypter_r == NULL)
1534 {
1535 DBG1(SIG_DBG_IKE, "key derivation failed: ENCRYPTION_ALGORITHM "
1536 "%N (key size %d) not supported!",
1537 encryption_algorithm_names, algo->algorithm, algo->key_size);
1538 return FAILED;
1539 }
1540 key_size = crypter_i->get_key_size(crypter_i);
1541
1542 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1543 DBG4(SIG_DBG_IKE, "Sk_ei secret %B", &key);
1544 crypter_i->set_key(crypter_i, key);
1545 chunk_free(&key);
1546
1547 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1548 DBG4(SIG_DBG_IKE, "Sk_er secret %B", &key);
1549 crypter_r->set_key(crypter_r, key);
1550 chunk_free(&key);
1551
1552 if (initiator)
1553 {
1554 this->crypter_in = crypter_r;
1555 this->crypter_out = crypter_i;
1556 }
1557 else
1558 {
1559 this->crypter_in = crypter_i;
1560 this->crypter_out = crypter_r;
1561 }
1562
1563 /* SK_pi/SK_pr used for authentication => prf_auth_i, prf_auth_r */
1564 proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo);
1565 this->prf_auth_i = prf_create(algo->algorithm);
1566 this->prf_auth_r = prf_create(algo->algorithm);
1567
1568 key_size = this->prf_auth_i->get_key_size(this->prf_auth_i);
1569 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1570 DBG4(SIG_DBG_IKE, "Sk_pi secret %B", &key);
1571 this->prf_auth_i->set_key(this->prf_auth_i, key);
1572 chunk_free(&key);
1573
1574 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1575 DBG4(SIG_DBG_IKE, "Sk_pr secret %B", &key);
1576 this->prf_auth_r->set_key(this->prf_auth_r, key);
1577 chunk_free(&key);
1578
1579 /* all done, prf_plus not needed anymore */
1580 prf_plus->destroy(prf_plus);
1581
1582 return SUCCESS;
1583
1584 }
1585
1586 /**
1587 * Implementation of ike_sa_t.add_child_sa.
1588 */
1589 static void add_child_sa(private_ike_sa_t *this, child_sa_t *child_sa)
1590 {
1591 this->child_sas->insert_last(this->child_sas, child_sa);
1592 }
1593
1594 /**
1595 * Implementation of ike_sa_t.has_child_sa.
1596 */
1597 static bool has_child_sa(private_ike_sa_t *this, u_int32_t reqid)
1598 {
1599 iterator_t *iterator;
1600 child_sa_t *current;
1601 bool found = FALSE;
1602
1603 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1604 while (iterator->iterate(iterator, (void**)&current))
1605 {
1606 if (current->get_reqid(current) == reqid)
1607 {
1608 found = TRUE;
1609 break;
1610 }
1611 }
1612 iterator->destroy(iterator);
1613 return found;
1614 }
1615
1616 /**
1617 * Implementation of ike_sa_t.get_child_sa.
1618 */
1619 static child_sa_t* get_child_sa(private_ike_sa_t *this, protocol_id_t protocol,
1620 u_int32_t spi, bool inbound)
1621 {
1622 iterator_t *iterator;
1623 child_sa_t *current, *found = NULL;
1624
1625 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1626 while (iterator->iterate(iterator, (void**)&current))
1627 {;
1628 if (current->get_spi(current, inbound) == spi &&
1629 current->get_protocol(current) == protocol)
1630 {
1631 found = current;
1632 }
1633 }
1634 iterator->destroy(iterator);
1635 return found;
1636 }
1637
1638 /**
1639 * Implementation of ike_sa_t.create_child_sa_iterator.
1640 */
1641 static iterator_t* create_child_sa_iterator(private_ike_sa_t *this)
1642 {
1643 return this->child_sas->create_iterator(this->child_sas, TRUE);
1644 }
1645
1646 /**
1647 * Implementation of ike_sa_t.rekey_child_sa.
1648 */
1649 static status_t rekey_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
1650 {
1651 create_child_sa_t *rekey;
1652 child_sa_t *child_sa;
1653
1654 child_sa = get_child_sa(this, protocol, spi, TRUE);
1655 if (child_sa == NULL)
1656 {
1657 return NOT_FOUND;
1658 }
1659
1660 rekey = create_child_sa_create(&this->public);
1661 rekey->rekeys_child(rekey, child_sa);
1662 return queue_transaction(this, (transaction_t*)rekey, FALSE);
1663 }
1664
1665 /**
1666 * Implementation of ike_sa_t.delete_child_sa.
1667 */
1668 static status_t delete_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
1669 {
1670 delete_child_sa_t *del;
1671 child_sa_t *child_sa;
1672
1673 child_sa = get_child_sa(this, protocol, spi, TRUE);
1674 if (child_sa == NULL)
1675 {
1676 return NOT_FOUND;
1677 }
1678
1679 del = delete_child_sa_create(&this->public);
1680 del->set_child_sa(del, child_sa);
1681 return queue_transaction(this, (transaction_t*)del, FALSE);
1682 }
1683
1684 /**
1685 * Implementation of ike_sa_t.destroy_child_sa.
1686 */
1687 static status_t destroy_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
1688 {
1689 iterator_t *iterator;
1690 child_sa_t *child_sa;
1691 status_t status = NOT_FOUND;
1692
1693 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1694 while (iterator->iterate(iterator, (void**)&child_sa))
1695 {
1696 if (child_sa->get_protocol(child_sa) == protocol &&
1697 child_sa->get_spi(child_sa, TRUE) == spi)
1698 {
1699 child_sa->destroy(child_sa);
1700 iterator->remove(iterator);
1701 status = SUCCESS;
1702 break;
1703 }
1704 }
1705 iterator->destroy(iterator);
1706 return status;
1707 }
1708
1709 /**
1710 * Implementation of ike_sa_t.set_lifetimes.
1711 */
1712 static void set_lifetimes(private_ike_sa_t *this,
1713 u_int32_t soft_lifetime, u_int32_t hard_lifetime)
1714 {
1715 job_t *job;
1716
1717 if (soft_lifetime)
1718 {
1719 this->time.rekey = this->time.established + soft_lifetime;
1720 job = (job_t*)rekey_ike_sa_job_create(this->ike_sa_id);
1721 charon->event_queue->add_relative(charon->event_queue, job,
1722 soft_lifetime * 1000);
1723 }
1724
1725 if (hard_lifetime)
1726 {
1727 this->time.delete = this->time.established + hard_lifetime;
1728 job = (job_t*)delete_ike_sa_job_create(this->ike_sa_id, TRUE);
1729 charon->event_queue->add_relative(charon->event_queue, job,
1730 hard_lifetime * 1000);
1731 }
1732 }
1733
1734 /**
1735 * Implementation of ike_sa_t.rekey.
1736 */
1737 static status_t rekey(private_ike_sa_t *this)
1738 {
1739 rekey_ike_sa_t *rekey_ike_sa;
1740
1741 DBG1(SIG_DBG_IKE, "rekeying IKE_SA between %H[%D]..%H[%D]",
1742 this->my_host, this->my_id,
1743 this->other_host, this->other_id);
1744
1745 if (this->state != IKE_ESTABLISHED)
1746 {
1747 SIG(SIG_IKE_FAILED, "unable to rekey IKE_SA in state %N",
1748 ike_sa_state_names, this->state);
1749 return FAILED;
1750 }
1751
1752 rekey_ike_sa = rekey_ike_sa_create(&this->public);
1753 return queue_transaction(this, (transaction_t*)rekey_ike_sa, FALSE);
1754 }
1755
1756 /**
1757 * Implementation of ike_sa_t.get_rekeying_transaction.
1758 */
1759 static rekey_ike_sa_t* get_rekeying_transaction(private_ike_sa_t *this)
1760 {
1761 return this->rekeying_transaction;
1762 }
1763
1764 /**
1765 * Implementation of ike_sa_t.set_rekeying_transaction.
1766 */
1767 static void set_rekeying_transaction(private_ike_sa_t *this, rekey_ike_sa_t *rekey)
1768 {
1769 this->rekeying_transaction = rekey;
1770 }
1771
1772 /**
1773 * Implementation of ike_sa_t.adopt_children.
1774 */
1775 static void adopt_children(private_ike_sa_t *this, private_ike_sa_t *other)
1776 {
1777 child_sa_t *child_sa;
1778
1779 while (other->child_sas->remove_last(other->child_sas,
1780 (void**)&child_sa) == SUCCESS)
1781 {
1782 this->child_sas->insert_first(this->child_sas, (void*)child_sa);
1783 }
1784 }
1785
1786 /**
1787 * Implementation of public_ike_sa_t.delete.
1788 */
1789 static status_t delete_(private_ike_sa_t *this)
1790 {
1791 switch (this->state)
1792 {
1793 case IKE_CONNECTING:
1794 case IKE_ESTABLISHED:
1795 {
1796 delete_ike_sa_t *delete_ike_sa;
1797 if (this->transaction_out)
1798 {
1799 /* already a transaction in progress. As this may hang
1800 * around a while, we don't inform the other peer. */
1801 return DESTROY_ME;
1802 }
1803 delete_ike_sa = delete_ike_sa_create(&this->public);
1804 return queue_transaction(this, (transaction_t*)delete_ike_sa, FALSE);
1805 }
1806 case IKE_CREATED:
1807 case IKE_DELETING:
1808 default:
1809 {
1810 return DESTROY_ME;
1811 }
1812 }
1813 }
1814
1815 /**
1816 * Implementation of ike_sa_t.get_next_message_id.
1817 */
1818 static u_int32_t get_next_message_id (private_ike_sa_t *this)
1819 {
1820 return this->message_id_out++;
1821 }
1822
1823 /**
1824 * Implementation of ike_sa_t.is_natt_enabled.
1825 */
1826 static bool is_natt_enabled (private_ike_sa_t *this)
1827 {
1828 return this->nat_here || this->nat_there;
1829 }
1830
1831 /**
1832 * Implementation of ike_sa_t.enable_natt.
1833 */
1834 static void enable_natt (private_ike_sa_t *this, bool local)
1835 {
1836 if (local)
1837 {
1838 DBG1(SIG_DBG_IKE, "local host is behind NAT, using NAT-T, "
1839 "scheduled keep alives");
1840 this->nat_here = TRUE;
1841 send_keepalive(this);
1842 }
1843 else
1844 {
1845 DBG1(SIG_DBG_IKE, "remote host is behind NAT, using NAT-T");
1846 this->nat_there = TRUE;
1847 }
1848 }
1849
1850 /**
1851 * output handler in printf()
1852 */
1853 static int print(FILE *stream, const struct printf_info *info,
1854 const void *const *args)
1855 {
1856 private_ike_sa_t *this = *((private_ike_sa_t**)(args[0]));
1857
1858 if (this == NULL)
1859 {
1860 return fprintf(stream, "(null)");
1861 }
1862
1863 return fprintf(stream, "%10s: %N, %H[%D]...%H[%D] (%J)",
1864 this->name, ike_sa_state_names, this->state,
1865 this->my_host, this->my_id, this->other_host, this->other_id,
1866 this->ike_sa_id);
1867 }
1868
1869 /**
1870 * arginfo handler in printf()
1871 */
1872 static int print_arginfo(const struct printf_info *info, size_t n, int *argtypes)
1873 {
1874 if (n > 0)
1875 {
1876 argtypes[0] = PA_POINTER;
1877 }
1878 return 1;
1879 }
1880
1881 /**
1882 * register printf() handlers
1883 */
1884 static void __attribute__ ((constructor))print_register()
1885 {
1886 register_printf_function(IKE_SA_PRINTF_SPEC, print, print_arginfo);
1887 }
1888
1889 /**
1890 * Implementation of ike_sa_t.destroy.
1891 */
1892 static void destroy(private_ike_sa_t *this)
1893 {
1894 this->child_sas->destroy_offset(this->child_sas, offsetof(child_sa_t, destroy));
1895 this->transaction_queue->destroy_offset(this->transaction_queue, offsetof(transaction_t, destroy));
1896
1897 DESTROY_IF(this->transaction_in);
1898 DESTROY_IF(this->transaction_in_next);
1899 DESTROY_IF(this->transaction_out);
1900 DESTROY_IF(this->crypter_in);
1901 DESTROY_IF(this->crypter_out);
1902 DESTROY_IF(this->signer_in);
1903 DESTROY_IF(this->signer_out);
1904 DESTROY_IF(this->prf);
1905 DESTROY_IF(this->child_prf);
1906 DESTROY_IF(this->prf_auth_i);
1907 DESTROY_IF(this->prf_auth_r);
1908
1909 DBG1(SIG_DBG_IKE, "IKE_SA deleted between %H[%D]...%H[%D]",
1910 this->my_host, this->my_id, this->other_host, this->other_id);
1911
1912 DESTROY_IF(this->my_host);
1913 DESTROY_IF(this->other_host);
1914 DESTROY_IF(this->my_id);
1915 DESTROY_IF(this->other_id);
1916
1917 free(this->name);
1918 this->ike_sa_id->destroy(this->ike_sa_id);
1919 free(this);
1920 }
1921
1922 /*
1923 * Described in header.
1924 */
1925 ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
1926 {
1927 private_ike_sa_t *this = malloc_thing(private_ike_sa_t);
1928
1929 /* Public functions */
1930 this->public.get_state = (ike_sa_state_t(*)(ike_sa_t*)) get_state;
1931 this->public.set_state = (void(*)(ike_sa_t*,ike_sa_state_t)) set_state;
1932 this->public.get_name = (char*(*)(ike_sa_t*))get_name;
1933 this->public.set_name = (void(*)(ike_sa_t*,char*))set_name;
1934 this->public.process_message = (status_t(*)(ike_sa_t*, message_t*)) process_message;
1935 this->public.initiate = (status_t(*)(ike_sa_t*,connection_t*,policy_t*)) initiate;
1936 this->public.route = (status_t(*)(ike_sa_t*,connection_t*,policy_t*)) route;
1937 this->public.unroute = (status_t(*)(ike_sa_t*,policy_t*)) unroute;
1938 this->public.acquire = (status_t(*)(ike_sa_t*,u_int32_t)) acquire;
1939 this->public.get_id = (ike_sa_id_t*(*)(ike_sa_t*)) get_id;
1940 this->public.get_my_host = (host_t*(*)(ike_sa_t*)) get_my_host;
1941 this->public.set_my_host = (void(*)(ike_sa_t*,host_t*)) set_my_host;
1942 this->public.get_other_host = (host_t*(*)(ike_sa_t*)) get_other_host;
1943 this->public.set_other_host = (void(*)(ike_sa_t*,host_t*)) set_other_host;
1944 this->public.get_my_id = (identification_t*(*)(ike_sa_t*)) get_my_id;
1945 this->public.set_my_id = (void(*)(ike_sa_t*,identification_t*)) set_my_id;
1946 this->public.get_other_id = (identification_t*(*)(ike_sa_t*)) get_other_id;
1947 this->public.set_other_id = (void(*)(ike_sa_t*,identification_t*)) set_other_id;
1948 this->public.get_next_message_id = (u_int32_t(*)(ike_sa_t*)) get_next_message_id;
1949 this->public.retransmit_request = (status_t (*) (ike_sa_t *, u_int32_t)) retransmit_request;
1950 this->public.delete = (status_t(*)(ike_sa_t*))delete_;
1951 this->public.destroy = (void(*)(ike_sa_t*))destroy;
1952 this->public.send_dpd = (status_t (*)(ike_sa_t*)) send_dpd;
1953 this->public.send_keepalive = (void (*)(ike_sa_t*)) send_keepalive;
1954 this->public.get_prf = (prf_t *(*) (ike_sa_t *)) get_prf;
1955 this->public.get_child_prf = (prf_t *(*) (ike_sa_t *)) get_child_prf;
1956 this->public.get_prf_auth_i = (prf_t *(*) (ike_sa_t *)) get_prf_auth_i;
1957 this->public.get_prf_auth_r = (prf_t *(*) (ike_sa_t *)) get_prf_auth_r;
1958 this->public.derive_keys = (status_t (*) (ike_sa_t *,proposal_t*,diffie_hellman_t*,chunk_t,chunk_t,bool,prf_t*,prf_t*)) derive_keys;
1959 this->public.add_child_sa = (void (*) (ike_sa_t*,child_sa_t*)) add_child_sa;
1960 this->public.has_child_sa = (bool(*)(ike_sa_t*,u_int32_t)) has_child_sa;
1961 this->public.get_child_sa = (child_sa_t* (*)(ike_sa_t*,protocol_id_t,u_int32_t,bool)) get_child_sa;
1962 this->public.create_child_sa_iterator = (iterator_t* (*)(ike_sa_t*)) create_child_sa_iterator;
1963 this->public.rekey_child_sa = (status_t(*)(ike_sa_t*,protocol_id_t,u_int32_t)) rekey_child_sa;
1964 this->public.delete_child_sa = (status_t(*)(ike_sa_t*,protocol_id_t,u_int32_t)) delete_child_sa;
1965 this->public.destroy_child_sa = (status_t (*)(ike_sa_t*,protocol_id_t,u_int32_t))destroy_child_sa;
1966 this->public.enable_natt = (void(*)(ike_sa_t*, bool)) enable_natt;
1967 this->public.is_natt_enabled = (bool(*)(ike_sa_t*)) is_natt_enabled;
1968 this->public.set_lifetimes = (void(*)(ike_sa_t*,u_int32_t,u_int32_t))set_lifetimes;
1969 this->public.apply_connection = (void(*)(ike_sa_t*,connection_t*))apply_connection;
1970 this->public.rekey = (status_t(*)(ike_sa_t*))rekey;
1971 this->public.get_rekeying_transaction = (void*(*)(ike_sa_t*))get_rekeying_transaction;
1972 this->public.set_rekeying_transaction = (void(*)(ike_sa_t*,void*))set_rekeying_transaction;
1973 this->public.adopt_children = (void(*)(ike_sa_t*,ike_sa_t*))adopt_children;
1974
1975 /* initialize private fields */
1976 this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
1977 this->name = strdup("(uninitialized)");
1978 this->child_sas = linked_list_create();
1979 this->my_host = host_create_from_string("0.0.0.0", 0);
1980 this->other_host = host_create_from_string("0.0.0.0", 0);
1981 this->my_id = identification_create_from_encoding(ID_ANY, CHUNK_INITIALIZER);
1982 this->other_id = identification_create_from_encoding(ID_ANY, CHUNK_INITIALIZER);
1983 this->crypter_in = NULL;
1984 this->crypter_out = NULL;
1985 this->signer_in = NULL;
1986 this->signer_out = NULL;
1987 this->prf = NULL;
1988 this->prf_auth_i = NULL;
1989 this->prf_auth_r = NULL;
1990 this->child_prf = NULL;
1991 this->nat_here = FALSE;
1992 this->nat_there = FALSE;
1993 this->transaction_queue = linked_list_create();
1994 this->transaction_in = NULL;
1995 this->transaction_in_next = NULL;
1996 this->transaction_out = NULL;
1997 this->rekeying_transaction = NULL;
1998 this->state = IKE_CREATED;
1999 this->message_id_out = 0;
2000 /* set to NOW, as when we rekey an existing IKE_SA no message is exchanged */
2001 this->time.inbound = this->time.outbound = time(NULL);
2002 this->time.established = 0;
2003 this->time.rekey = 0;
2004 this->time.delete = 0;
2005 this->dpd_delay = 0;
2006 this->retrans_sequences = 0;
2007
2008 return &this->public;
2009 }
strongSwan - IPsec VPN