c5d3a63cd1cfcd961a5ed4041b507da1f91d27d0
[strongswan.git] / src / charon / sa / ike_sa.c
1 /**
2 * @file ike_sa.c
3 *
4 * @brief Implementation of ike_sa_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
10 * Copyright (C) 2005-2006 Martin Willi
11 * Copyright (C) 2005 Jan Hutter
12 * Hochschule fuer Technik Rapperswil
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 */
24
25 #include <sys/time.h>
26 #include <string.h>
27
28 #include "ike_sa.h"
29
30 #include <types.h>
31 #include <daemon.h>
32 #include <definitions.h>
33 #include <utils/linked_list.h>
34 #include <utils/logger_manager.h>
35 #include <crypto/diffie_hellman.h>
36 #include <crypto/prf_plus.h>
37 #include <crypto/crypters/crypter.h>
38 #include <crypto/hashers/hasher.h>
39 #include <encoding/payloads/sa_payload.h>
40 #include <encoding/payloads/nonce_payload.h>
41 #include <encoding/payloads/ke_payload.h>
42 #include <encoding/payloads/delete_payload.h>
43 #include <encoding/payloads/transform_substructure.h>
44 #include <encoding/payloads/transform_attribute.h>
45 #include <encoding/payloads/ts_payload.h>
46 #include <sa/transactions/transaction.h>
47 #include <sa/transactions/ike_sa_init.h>
48 #include <sa/transactions/delete_ike_sa.h>
49 #include <sa/transactions/create_child_sa.h>
50 #include <sa/transactions/delete_child_sa.h>
51 #include <sa/transactions/dead_peer_detection.h>
52 #include <sa/transactions/rekey_ike_sa.h>
53 #include <queues/jobs/retransmit_request_job.h>
54 #include <queues/jobs/delete_ike_sa_job.h>
55 #include <queues/jobs/send_dpd_job.h>
56 #include <queues/jobs/send_keepalive_job.h>
57 #include <queues/jobs/rekey_ike_sa_job.h>
58 #include <queues/jobs/route_job.h>
59 #include <queues/jobs/initiate_job.h>
60
61 /**
62 * String mappings for ike_sa_state_t.
63 */
64 mapping_t ike_sa_state_m[] = {
65 {IKE_CREATED, "CREATED"},
66 {IKE_CONNECTING, "CONNECTING"},
67 {IKE_ESTABLISHED, "ESTABLISHED"},
68 {IKE_REKEYING, "REKEYING"},
69 {IKE_DELETING, "DELETING"},
70 {MAPPING_END, NULL}
71 };
72
73
74 typedef struct private_ike_sa_t private_ike_sa_t;
75
76 /**
77 * Private data of an ike_sa_t object.
78 */
79 struct private_ike_sa_t {
80
81 /**
82 * Public members
83 */
84 ike_sa_t public;
85
86 /**
87 * Identifier for the current IKE_SA.
88 */
89 ike_sa_id_t *ike_sa_id;
90
91 /**
92 * Current state of the IKE_SA
93 */
94 ike_sa_state_t state;
95
96 /**
97 * Name of the connection used by this IKE_SA
98 */
99 char *name;
100
101 /**
102 * Address of local host
103 */
104 host_t *my_host;
105
106 /**
107 * Address of remote host
108 */
109 host_t *other_host;
110
111 /**
112 * Identification used for us
113 */
114 identification_t *my_id;
115
116 /**
117 * Identification used for other
118 */
119 identification_t *other_id;
120
121 /**
122 * Linked List containing the child sa's of the current IKE_SA.
123 */
124 linked_list_t *child_sas;
125
126 /**
127 * crypter for inbound traffic
128 */
129 crypter_t *crypter_in;
130
131 /**
132 * crypter for outbound traffic
133 */
134 crypter_t *crypter_out;
135
136 /**
137 * Signer for inbound traffic
138 */
139 signer_t *signer_in;
140
141 /**
142 * Signer for outbound traffic
143 */
144 signer_t *signer_out;
145
146 /**
147 * Multi purpose prf, set key, use it, forget it
148 */
149 prf_t *prf;
150
151 /**
152 * Prf function for derivating keymat child SAs
153 */
154 prf_t *child_prf;
155
156 /**
157 * PRF, with key set to pi_key, used for authentication
158 */
159 prf_t *prf_auth_i;
160
161 /**
162 * PRF, with key set to pr_key, used for authentication
163 */
164 prf_t *prf_auth_r;
165
166 /**
167 * A logger for this IKE_SA.
168 */
169 logger_t *logger;
170
171 /**
172 * NAT hasher.
173 */
174 hasher_t *nat_hasher;
175
176 /**
177 * NAT status of local host.
178 */
179 bool nat_here;
180
181 /**
182 * NAT status of remote host.
183 */
184 bool nat_there;
185
186 /**
187 * message ID for next outgoung request
188 */
189 u_int32_t message_id_out;
190
191 /**
192 * Timestamps for this IKE_SA
193 */
194 struct {
195 /** last IKE message received */
196 u_int32_t inbound;
197 /** last IKE message sent */
198 u_int32_t outbound;
199 /** when IKE_SA became established */
200 u_int32_t established;
201 /** when IKE_SA gets rekeyed */
202 u_int32_t rekey;
203 /** when IKE_SA gets deleted */
204 u_int32_t delete;
205 } time;
206
207 /**
208 * interval to send DPD liveness check
209 */
210 time_t dpd_delay;
211
212 /**
213 * number of retransmit sequences to go through before giving up (keyingtries)
214 */
215 u_int32_t retrans_sequences;
216
217 /**
218 * List of queued transactions to process
219 */
220 linked_list_t *transaction_queue;
221
222 /**
223 * Transaction currently initiated
224 * (only one supported yet, window size = 1)
225 */
226 transaction_t *transaction_out;
227
228 /**
229 * last transaction initiated by peer processed.
230 * (only one supported yet, window size = 1)
231 * Stored for retransmission.
232 */
233 transaction_t *transaction_in;
234
235 /**
236 * Next incoming transaction expected. Used to
237 * do multi transaction operations.
238 */
239 transaction_t *transaction_in_next;
240
241 /**
242 * Transaction which rekeys this IKE_SA, used do detect simultaneus rekeying
243 */
244 rekey_ike_sa_t *rekeying_transaction;
245 };
246
247 /**
248 * get the time of the latest traffic processed by the kernel
249 */
250 static time_t get_kernel_time(private_ike_sa_t* this, bool inbound)
251 {
252 iterator_t *iterator;
253 child_sa_t *child_sa;
254 time_t latest = 0, use_time;
255
256 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
257 while (iterator->iterate(iterator, (void**)&child_sa))
258 {
259 if (child_sa->get_use_time(child_sa, inbound, &use_time) == SUCCESS)
260 {
261 latest = max(latest, use_time);
262 }
263 }
264 iterator->destroy(iterator);
265
266 return latest;
267 }
268
269 /**
270 * get the time of the latest received traffice
271 */
272 static time_t get_time_inbound(private_ike_sa_t *this)
273 {
274 return max(this->time.inbound, get_kernel_time(this, TRUE));
275 }
276
277 /**
278 * get the time of the latest sent traffic
279 */
280 static time_t get_time_outbound(private_ike_sa_t *this)
281 {
282 return max(this->time.outbound, get_kernel_time(this, FALSE));
283 }
284
285 /**
286 * Implementation of ike_sa_t.get_name.
287 */
288 static char *get_name(private_ike_sa_t *this)
289 {
290 return this->name;
291 }
292
293 /**
294 * Implementation of ike_sa_t.set_name.
295 */
296 static void set_name(private_ike_sa_t *this, char* name)
297 {
298 free(this->name);
299 this->name = strdup(name);
300 }
301
302 /**
303 * Implementation of ike_sa_t.get_my_host.
304 */
305 static host_t *get_my_host(private_ike_sa_t *this)
306 {
307 return this->my_host;
308 }
309
310 /**
311 * Implementation of ike_sa_t.set_my_host.
312 */
313 static void set_my_host(private_ike_sa_t *this, host_t *me)
314 {
315 DESTROY_IF(this->my_host);
316 this->my_host = me;
317 }
318
319 /**
320 * Implementation of ike_sa_t.get_other_host.
321 */
322 static host_t *get_other_host(private_ike_sa_t *this)
323 {
324 return this->other_host;
325 }
326
327 /**
328 * Implementation of ike_sa_t.set_other_host.
329 */
330 static void set_other_host(private_ike_sa_t *this, host_t *other)
331 {
332 DESTROY_IF(this->other_host);
333 this->other_host = other;
334 }
335
336 /**
337 * Update connection host, as addresses may change (NAT)
338 */
339 static void update_hosts(private_ike_sa_t *this, host_t *me, host_t *other)
340 {
341 /*
342 * Quoting RFC 4306:
343 *
344 * 2.11. Address and Port Agility
345 *
346 * IKE runs over UDP ports 500 and 4500, and implicitly sets up ESP and
347 * AH associations for the same IP addresses it runs over. The IP
348 * addresses and ports in the outer header are, however, not themselves
349 * cryptographically protected, and IKE is designed to work even through
350 * Network Address Translation (NAT) boxes. An implementation MUST
351 * accept incoming requests even if the source port is not 500 or 4500,
352 * and MUST respond to the address and port from which the request was
353 * received. It MUST specify the address and port at which the request
354 * was received as the source address and port in the response. IKE
355 * functions identically over IPv4 or IPv6.
356 *
357 * [...]
358 *
359 * There are cases where a NAT box decides to remove mappings that
360 * are still alive (for example, the keepalive interval is too long,
361 * or the NAT box is rebooted). To recover in these cases, hosts
362 * that are not behind a NAT SHOULD send all packets (including
363 * retransmission packets) to the IP address and port from the last
364 * valid authenticated packet from the other end (i.e., dynamically
365 * update the address). A host behind a NAT SHOULD NOT do this
366 * because it opens a DoS attack possibility. Any authenticated IKE
367 * packet or any authenticated UDP-encapsulated ESP packet can be
368 * used to detect that the IP address or the port has changed.
369 */
370 iterator_t *iterator = NULL;
371 child_sa_t *child_sa = NULL;
372 host_diff_t my_diff, other_diff;
373
374 if (this->my_host->is_anyaddr(this->my_host) ||
375 this->other_host->is_anyaddr(this->other_host))
376 {
377 /* on first received message */
378 this->my_host->destroy(this->my_host);
379 this->my_host = me->clone(me);
380 this->other_host->destroy(this->other_host);
381 this->other_host = other->clone(other);
382 return;
383 }
384
385 my_diff = me->get_differences(me, this->my_host);
386 other_diff = other->get_differences(other, this->other_host);
387
388 if (!my_diff && !other_diff)
389 {
390 return;
391 }
392
393 if (my_diff)
394 {
395 this->my_host->destroy(this->my_host);
396 this->my_host = me->clone(me);
397 }
398
399 if (!this->nat_here)
400 {
401 /* update without restrictions if we are not NATted */
402 if (other_diff)
403 {
404 this->other_host->destroy(this->other_host);
405 this->other_host = other->clone(other);
406 }
407 }
408 else
409 {
410 /* if we are natted, only port may change */
411 if (other_diff & HOST_DIFF_ADDR)
412 {
413 return;
414 }
415 else if (other_diff & HOST_DIFF_PORT)
416 {
417 this->other_host->set_port(this->other_host, other->get_port(other));
418 }
419 }
420 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
421 while (iterator->iterate(iterator, (void**)&child_sa))
422 {
423 child_sa->update_hosts(child_sa, this->my_host, this->other_host,
424 my_diff, other_diff);
425 /* TODO: what to do if update fails? Delete CHILD_SA? */
426 }
427 iterator->destroy(iterator);
428 }
429
430 /**
431 * called when the peer is not responding anymore
432 */
433 static void dpd_detected(private_ike_sa_t *this)
434 {
435 /* check for childrens with dpdaction=hold */
436 connection_t *connection = NULL;
437 policy_t *policy;
438 linked_list_t *my_ts, *other_ts;
439 child_sa_t* child_sa;
440 dpd_action_t action;
441 job_t *job;
442
443 this->logger->log(this->logger, CONTROL|LEVEL1,
444 "dead peer detected, handling CHILD_SAs dpd action");
445
446 while(this->child_sas->remove_first(this->child_sas,
447 (void**)&child_sa) == SUCCESS)
448 {
449 /* get the policy which belongs to this CHILD */
450 my_ts = child_sa->get_my_traffic_selectors(child_sa);
451 other_ts = child_sa->get_other_traffic_selectors(child_sa);
452 policy = charon->policies->get_policy(charon->policies,
453 this->my_id, this->other_id,
454 my_ts, other_ts,
455 this->my_host, this->other_host);
456 if (policy == NULL)
457 {
458 this->logger->log(this->logger, ERROR,
459 "no policy found for this CHILD_SA");
460 continue;
461 }
462
463 action = policy->get_dpd_action(policy);
464 /* get a connection for further actions */
465 if (connection == NULL &&
466 (action == DPD_ROUTE || action == DPD_RESTART))
467 {
468 connection = charon->connections->get_connection_by_hosts(
469 charon->connections,
470 this->my_host, this->other_host);
471 if (connection == NULL)
472 {
473 this->logger->log(this->logger, ERROR,
474 "no connection found for this IKE_SA");
475 break;
476 }
477 }
478
479 this->logger->log(this->logger, CONTROL, "dpd action for %s is %s",
480 policy->get_name(policy),
481 mapping_find(dpd_action_m, action));
482
483 switch (action)
484 {
485 case DPD_ROUTE:
486 connection->get_ref(connection);
487 job = (job_t*)route_job_create(connection, policy, TRUE);
488 charon->job_queue->add(charon->job_queue, job);
489 break;
490 case DPD_RESTART:
491 connection->get_ref(connection);
492 job = (job_t*)initiate_job_create(connection, policy);
493 charon->job_queue->add(charon->job_queue, job);
494 break;
495 default:
496 policy->destroy(policy);
497 break;
498 }
499 child_sa->destroy(child_sa);
500 }
501 DESTROY_IF(connection);
502 }
503
504 /**
505 * send a request and schedule retransmission
506 */
507 static status_t transmit_request(private_ike_sa_t *this)
508 {
509 message_t *request;
510 packet_t *packet;
511 status_t status;
512 retransmit_request_job_t *job;
513 u_int32_t transmitted;
514 u_int32_t timeout;
515 transaction_t *transaction = this->transaction_out;
516 u_int32_t message_id;
517
518 transmitted = transaction->requested(transaction);
519 timeout = charon->configuration->get_retransmit_timeout(charon->configuration,
520 transmitted,
521 this->retrans_sequences);
522 if (timeout == 0)
523 {
524 this->logger->log(this->logger, ERROR,
525 "giving up after %d retransmits, deleting IKE_SA",
526 transmitted - 1);
527 dpd_detected(this);
528 return DESTROY_ME;
529 }
530
531 status = transaction->get_request(transaction, &request);
532 if (status != SUCCESS)
533 {
534 this->logger->log(this->logger, ERROR,
535 "generating request failed");
536 return status;
537 }
538 message_id = transaction->get_message_id(transaction);
539 /* if we retransmit, the request is already generated */
540 if (transmitted == 0)
541 {
542 status = request->generate(request, this->crypter_out, this->signer_out, &packet);
543 if (status != SUCCESS)
544 {
545 this->logger->log(this->logger, ERROR,
546 "request generation failed. transaction discarded");
547 return FAILED;
548 }
549 }
550 else
551 {
552 this->logger->log(this->logger, CONTROL,
553 "sending retransmit %d for %s request with message ID %d",
554 transmitted,
555 mapping_find(exchange_type_m, request->get_exchange_type(request)),
556 message_id);
557 packet = request->get_packet(request);
558 }
559 /* finally send */
560 charon->send_queue->add(charon->send_queue, packet);
561 this->time.outbound = time(NULL);
562
563 /* schedule retransmission job */
564 job = retransmit_request_job_create(message_id, this->ike_sa_id);
565 charon->event_queue->add_relative(charon->event_queue, (job_t*)job, timeout);
566 return SUCCESS;
567 }
568
569 /**
570 * Implementation of ike_sa.retransmit_request.
571 */
572 static status_t retransmit_request(private_ike_sa_t *this, u_int32_t message_id)
573 {
574 if (this->transaction_out == NULL ||
575 this->transaction_out->get_message_id(this->transaction_out) != message_id)
576 {
577 /* no retransmit necessary, transaction did already complete */
578 return SUCCESS;
579 }
580 return transmit_request(this);
581 }
582
583 /**
584 * Check for transactions in the queue and initiate the first transaction found.
585 */
586 static status_t process_transaction_queue(private_ike_sa_t *this)
587 {
588 if (this->transaction_out)
589 {
590 /* already a transaction in progress */
591 return SUCCESS;
592 }
593
594 while (TRUE)
595 {
596 if (this->transaction_queue->remove_first(this->transaction_queue,
597 (void**)&this->transaction_out) != SUCCESS)
598 {
599 /* transaction queue empty */
600 return SUCCESS;
601 }
602 switch (transmit_request(this))
603 {
604 case SUCCESS:
605 return SUCCESS;
606 case DESTROY_ME:
607 /* critical, IKE_SA unusable, destroy immediately */
608 this->logger->log(this->logger, ERROR,
609 "transaction initiaton failed, deleting IKE_SA");
610 return DESTROY_ME;
611 default:
612 /* discard transaction, process next one */
613 this->logger->log(this->logger, ERROR,
614 "transaction initiation failed, discarded");
615 this->transaction_out->destroy(this->transaction_out);
616 this->transaction_out = NULL;
617 /* handle next transaction */
618 continue;
619 }
620 }
621 }
622
623 /**
624 * Queue a new transaction and execute the next outstanding transaction
625 */
626 static status_t queue_transaction(private_ike_sa_t *this, transaction_t *transaction, bool prefer)
627 {
628 /* inject next transaction */
629 if (transaction)
630 {
631 if (prefer)
632 {
633 this->transaction_queue->insert_first(this->transaction_queue, transaction);
634 }
635 else
636 {
637 this->transaction_queue->insert_last(this->transaction_queue, transaction);
638 }
639 }
640 /* process a transaction */
641 return process_transaction_queue(this);
642 }
643
644 /**
645 * process an incoming request.
646 */
647 static status_t process_request(private_ike_sa_t *this, message_t *request)
648 {
649 transaction_t *last, *current = NULL;
650 message_t *response;
651 packet_t *packet;
652 u_int32_t request_mid;
653 status_t status;
654
655 request_mid = request->get_message_id(request);
656 last = this->transaction_in;
657
658 /* check if message ID is correct */
659 if (last)
660 {
661 u_int32_t last_mid = last->get_message_id(last);
662
663 if (last_mid == request_mid)
664 {
665 /* retransmit detected */
666 this->logger->log(this->logger, ERROR,
667 "received retransmitted request for message ID %d, retransmitting response",
668 request_mid);
669 last->get_response(last, request, &response, &this->transaction_in_next);
670 packet = response->get_packet(response);
671 charon->send_queue->add(charon->send_queue, packet);
672 this->time.outbound = time(NULL);
673 return SUCCESS;
674 }
675
676 if (last_mid > request_mid)
677 {
678 /* something seriously wrong here, message id may not decrease */
679 this->logger->log(this->logger, ERROR,
680 "received request with message ID %d, excepted %d, ingored",
681 request_mid, last_mid + 1);
682 return FAILED;
683 }
684 /* we allow jumps in message IDs, as long as they are incremental */
685 if (last_mid + 1 < request_mid)
686 {
687 this->logger->log(this->logger, ERROR,
688 "received request with message ID %d, excepted %d",
689 request_mid, last_mid + 1);
690 }
691 }
692 else
693 {
694 if (request_mid != 0)
695 {
696 /* warn, but allow it */
697 this->logger->log(this->logger, CONTROL,
698 "first received request has message ID %d, excepted 0",
699 request_mid);
700 }
701 }
702
703 /* check if we already have a pre-created transaction for this request */
704 if (this->transaction_in_next)
705 {
706 current = this->transaction_in_next;
707 this->transaction_in_next = NULL;
708 }
709 else
710 {
711 current = transaction_create(&this->public, request);
712 if (current == NULL)
713 {
714 this->logger->log(this->logger, ERROR,
715 "no idea how to handle received message (%d), ignored",
716 request->get_exchange_type(request));
717 return FAILED;
718 }
719 }
720
721 /* send message. get_request() always gives a valid response */
722 status = current->get_response(current, request, &response, &this->transaction_in_next);
723 if (response->generate(response, this->crypter_out, this->signer_out, &packet) != SUCCESS)
724 {
725 this->logger->log(this->logger, ERROR,
726 "response generation failed, discarding transaction");
727 current->destroy(current);
728 return FAILED;
729 }
730
731 charon->send_queue->add(charon->send_queue, packet);
732 this->time.outbound = time(NULL);
733 /* act depending on transaction result */
734 switch (status)
735 {
736 case DESTROY_ME:
737 /* transactions says we should destroy the IKE_SA, so do it */
738 current->destroy(current);
739 return DESTROY_ME;
740 default:
741 /* store for retransmission, destroy old transaction */
742 this->transaction_in = current;
743 if (last)
744 {
745 last->destroy(last);
746 }
747 return SUCCESS;
748 }
749 }
750
751 /**
752 * process an incoming response
753 */
754 static status_t process_response(private_ike_sa_t *this, message_t *response)
755 {
756 transaction_t *current, *new = NULL;
757
758 current = this->transaction_out;
759 /* check if message ID is that of our currently active transaction */
760 if (current == NULL ||
761 current->get_message_id(current) != response->get_message_id(response))
762 {
763 this->logger->log(this->logger, ERROR,
764 "received response with message ID %d not requested, ignored");
765 return FAILED;
766 }
767
768 switch (current->conclude(current, response, &new))
769 {
770 case DESTROY_ME:
771 /* state requested to destroy IKE_SA */
772 return DESTROY_ME;
773 default:
774 /* discard transaction, process next one */
775 break;
776 }
777 /* transaction comleted, remove */
778 current->destroy(current);
779 this->transaction_out = NULL;
780
781 /* queue new transaction */
782 return queue_transaction(this, new, TRUE);
783 }
784
785 /**
786 * send a notify back to the sender
787 */
788 static void send_notify_response(private_ike_sa_t *this,
789 message_t *request,
790 notify_type_t type)
791 {
792 notify_payload_t *notify;
793 message_t *response;
794 host_t *src, *dst;
795 packet_t *packet;
796
797 response = message_create();
798 dst = request->get_source(request);
799 src = request->get_destination(request);
800 response->set_source(response, src->clone(src));
801 response->set_destination(response, dst->clone(dst));
802 response->set_exchange_type(response, request->get_exchange_type(request));
803 response->set_request(response, FALSE);
804 response->set_message_id(response, request->get_message_id(request));
805 response->set_ike_sa_id(response, this->ike_sa_id);
806 notify = notify_payload_create_from_protocol_and_type(PROTO_NONE, type);
807 response->add_payload(response, (payload_t *)notify);
808 if (response->generate(response, this->crypter_out, this->signer_out, &packet) != SUCCESS)
809 {
810 response->destroy(response);
811 return;
812 }
813 charon->send_queue->add(charon->send_queue, packet);
814 this->time.outbound = time(NULL);
815 response->destroy(response);
816 return;
817 }
818
819
820 /**
821 * Implementation of ike_sa_t.process_message.
822 */
823 static status_t process_message(private_ike_sa_t *this, message_t *message)
824 {
825 status_t status;
826 bool is_request;
827
828 is_request = message->get_request(message);
829
830 status = message->parse_body(message, this->crypter_in, this->signer_in);
831 if (status != SUCCESS)
832 {
833 if (is_request)
834 {
835 switch (status)
836 {
837 case NOT_SUPPORTED:
838 this->logger->log(this->logger, ERROR,
839 "ciritcal unknown payloads found");
840 if (is_request)
841 {
842 send_notify_response(this, message, UNSUPPORTED_CRITICAL_PAYLOAD);
843 }
844 break;
845 case PARSE_ERROR:
846 this->logger->log(this->logger, ERROR,
847 "message parsing failed");
848 if (is_request)
849 {
850 send_notify_response(this, message, INVALID_SYNTAX);
851 }
852 break;
853 case VERIFY_ERROR:
854 this->logger->log(this->logger, ERROR,
855 "message verification failed");
856 if (is_request)
857 {
858 send_notify_response(this, message, INVALID_SYNTAX);
859 }
860 break;
861 case FAILED:
862 this->logger->log(this->logger, ERROR,
863 "integrity check failed");
864 /* ignored */
865 break;
866 case INVALID_STATE:
867 this->logger->log(this->logger, ERROR,
868 "found encrypted message, but no keys available");
869 if (is_request)
870 {
871 send_notify_response(this, message, INVALID_SYNTAX);
872 }
873 default:
874 break;
875 }
876 }
877 this->logger->log(this->logger, ERROR,
878 "%s %s with message ID %d processing failed",
879 mapping_find(exchange_type_m, message->get_exchange_type(message)),
880 message->get_request(message) ? "request" : "response",
881 message->get_message_id(message));
882 }
883 else
884 {
885 /* check if message is trustworthy, and update connection information */
886 if (this->state == IKE_CREATED ||
887 message->get_exchange_type(message) != IKE_SA_INIT)
888 {
889 update_hosts(this, message->get_destination(message),
890 message->get_source(message));
891 this->time.inbound = time(NULL);
892 }
893 if (is_request)
894 {
895 status = process_request(this, message);
896 }
897 else
898 {
899 status = process_response(this, message);
900 }
901 }
902 return status;
903 }
904
905 /**
906 * Implementation of ike_sa_t.initiate.
907 */
908 static status_t initiate(private_ike_sa_t *this,
909 connection_t *connection, policy_t *policy)
910 {
911 switch (this->state)
912 {
913 case IKE_CREATED:
914 {
915 /* in state CREATED, we must do the ike_sa_init
916 * and ike_auth transactions. Along with these,
917 * a CHILD_SA with the supplied policy is set up.
918 */
919 ike_sa_init_t *ike_sa_init;
920
921 this->logger->log(this->logger, CONTROL,
922 "initiating IKE_SA");
923
924 set_name(this, connection->get_name(connection));
925 DESTROY_IF(this->my_host);
926 this->my_host = connection->get_my_host(connection);
927 this->my_host = this->my_host->clone(this->my_host);
928 DESTROY_IF(this->other_host);
929 this->other_host = connection->get_other_host(connection);
930 this->other_host = this->other_host->clone(this->other_host);
931 this->retrans_sequences = connection->get_retrans_seq(connection);
932 this->dpd_delay = connection->get_dpd_delay(connection);
933
934 this->message_id_out = 1;
935 ike_sa_init = ike_sa_init_create(&this->public);
936 ike_sa_init->set_config(ike_sa_init, connection, policy);
937 return queue_transaction(this, (transaction_t*)ike_sa_init, TRUE);
938 }
939 case IKE_DELETING:
940 case IKE_REKEYING:
941 {
942 /* if we are in DELETING/REKEYING, we deny set up of a policy. */
943 this->logger->log(this->logger, CONTROL,
944 "creating CHILD_SA discarded, as IKE_SA is in state %s",
945 mapping_find(ike_sa_state_m, this->state));
946 policy->destroy(policy);
947 connection->destroy(connection);
948 return FAILED;
949 }
950 case IKE_CONNECTING:
951 case IKE_ESTABLISHED:
952 {
953 /* if we are ESTABLISHED or CONNECTING,we queue the
954 * transaction to create the CHILD_SA. It gets processed
955 * when the IKE_SA is ready to do so. We don't need the
956 * connection, as the IKE_SA is already established/establishing.
957 */
958 create_child_sa_t *create_child;
959
960 this->logger->log(this->logger, CONTROL,
961 "initiating CHILD_SA");
962
963 connection->destroy(connection);
964 create_child = create_child_sa_create(&this->public);
965 create_child->set_policy(create_child, policy);
966 return queue_transaction(this, (transaction_t*)create_child, FALSE);
967 }
968 }
969 return FAILED;
970 }
971
972 /**
973 * Implementation of ike_sa_t.acquire.
974 */
975 static status_t acquire(private_ike_sa_t *this, u_int32_t reqid)
976 {
977 connection_t *connection;
978 policy_t *policy;
979 iterator_t *iterator;
980 child_sa_t *current, *child_sa = NULL;
981 linked_list_t *my_ts, *other_ts;
982
983 if (this->state == IKE_DELETING)
984 {
985 this->logger->log(this->logger, CONTROL,
986 "acquiring CHILD_SA with reqid %d discarded, as IKE_SA is deleting",
987 reqid);
988 return FAILED;
989 }
990
991
992 /* find CHILD_SA */
993 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
994 while (iterator->iterate(iterator, (void**)&current))
995 {
996 if (current->get_reqid(current) == reqid)
997 {
998 //iterator->remove(iterator);
999 child_sa = current;
1000 break;
1001 }
1002 }
1003 iterator->destroy(iterator);
1004 if (!child_sa)
1005 {
1006 this->logger->log(this->logger, ERROR,
1007 "CHILD_SA with reqid %d not found, unable to acquire",
1008 reqid);
1009 return FAILED;
1010 }
1011 my_ts = child_sa->get_my_traffic_selectors(child_sa);
1012 other_ts = child_sa->get_other_traffic_selectors(child_sa);
1013
1014 policy = charon->policies->get_policy(charon->policies,
1015 this->my_id, this->other_id,
1016 my_ts, other_ts,
1017 this->my_host, this->other_host);
1018 //child_sa->destroy(child_sa);
1019 if (policy == NULL)
1020 {
1021 this->logger->log(this->logger, ERROR,
1022 "no policy found to acquire CHILD_SA with reqid %d",
1023 reqid);
1024 return FAILED;
1025 }
1026
1027 switch (this->state)
1028 {
1029 case IKE_CREATED:
1030 {
1031 ike_sa_init_t *ike_sa_init;
1032
1033 this->logger->log(this->logger, CONTROL,
1034 "acquiring CHILD_SA with reqid %d, IKE_SA setup needed",
1035 reqid);
1036
1037 connection = charon->connections->get_connection_by_hosts(
1038 charon->connections, this->my_host, this->other_host);
1039
1040 if (connection == NULL)
1041 {
1042 this->logger->log(this->logger, ERROR,
1043 "no connection found to acquire IKE_SA for CHILD_SA with reqid %d",
1044 reqid);
1045 policy->destroy(policy);
1046 return FAILED;
1047 }
1048
1049 this->message_id_out = 1;
1050 ike_sa_init = ike_sa_init_create(&this->public);
1051 ike_sa_init->set_config(ike_sa_init, connection, policy);
1052 /* reuse existing reqid */
1053 ike_sa_init->set_reqid(ike_sa_init, reqid);
1054 return queue_transaction(this, (transaction_t*)ike_sa_init, TRUE);
1055 }
1056 case IKE_CONNECTING:
1057 case IKE_ESTABLISHED:
1058 {
1059 create_child_sa_t *create_child;
1060
1061 this->logger->log(this->logger, CONTROL,
1062 "acquiring CHILD_SA with reqid %d",
1063 reqid);
1064
1065 create_child = create_child_sa_create(&this->public);
1066 create_child->set_policy(create_child, policy);
1067 /* reuse existing reqid */
1068 create_child->set_reqid(create_child, reqid);
1069 return queue_transaction(this, (transaction_t*)create_child, FALSE);
1070 }
1071 default:
1072 break;
1073 }
1074 return FAILED;
1075 }
1076
1077 /**
1078 * destroy a list of traffic selectors
1079 */
1080 static void ts_list_destroy(linked_list_t *list)
1081 {
1082 traffic_selector_t *ts;
1083 while (list->remove_last(list, (void**)&ts) == SUCCESS)
1084 {
1085 ts->destroy(ts);
1086 }
1087 list->destroy(list);
1088 }
1089
1090 /**
1091 * compare two lists of traffic selectors for equality
1092 */
1093 static bool ts_list_equals(linked_list_t *l1, linked_list_t *l2)
1094 {
1095 bool equals = TRUE;
1096 iterator_t *i1, *i2;
1097 traffic_selector_t *t1, *t2;
1098
1099 i1 = l1->create_iterator(l1, TRUE);
1100 i2 = l2->create_iterator(l2, TRUE);
1101 while (i1->iterate(i1, (void**)&t1) && i2->iterate(i2, (void**)&t2))
1102 {
1103 if (!t1->equals(t1, t2))
1104 {
1105 equals = FALSE;
1106 break;
1107 }
1108 }
1109 /* check if one iterator is not at the end */
1110 if (i1->has_next(i1) || i2->has_next(i2))
1111 {
1112 equals = FALSE;
1113 }
1114 i1->destroy(i1);
1115 i2->destroy(i2);
1116 return equals;
1117 }
1118
1119 /**
1120 * Implementation of ike_sa_t.route.
1121 */
1122 static status_t route(private_ike_sa_t *this, connection_t *connection, policy_t *policy)
1123 {
1124 child_sa_t *child_sa = NULL;
1125 iterator_t *iterator;
1126 linked_list_t *my_ts, *other_ts;
1127 status_t status;
1128
1129 /* check if not already routed*/
1130 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1131 while (iterator->iterate(iterator, (void**)&child_sa))
1132 {
1133 linked_list_t *my_ts_conf, *other_ts_conf;
1134
1135 my_ts = child_sa->get_my_traffic_selectors(child_sa);
1136 other_ts = child_sa->get_other_traffic_selectors(child_sa);
1137
1138 my_ts_conf = policy->get_my_traffic_selectors(policy, this->my_host);
1139 other_ts_conf = policy->get_other_traffic_selectors(policy, this->other_host);
1140
1141 if (ts_list_equals(my_ts, my_ts_conf) &&
1142 ts_list_equals(other_ts, other_ts_conf))
1143 {
1144 ts_list_destroy(my_ts_conf);
1145 ts_list_destroy(other_ts_conf);
1146 iterator->destroy(iterator);
1147 this->logger->log(this->logger, CONTROL,
1148 "a CHILD_SA with such a policy already routed");
1149
1150 return FAILED;
1151 }
1152 ts_list_destroy(my_ts_conf);
1153 ts_list_destroy(other_ts_conf);
1154 }
1155 iterator->destroy(iterator);
1156
1157 switch (this->state)
1158 {
1159 case IKE_CREATED:
1160 case IKE_CONNECTING:
1161 /* we update IKE_SA information as good as possible,
1162 * this allows us to set up the SA later when an acquire comes in. */
1163 if (this->my_id->get_type(this->my_id) == ID_ANY)
1164 {
1165 this->my_id->destroy(this->my_id);
1166 this->my_id = policy->get_my_id(policy);
1167 this->my_id = this->my_id->clone(this->my_id);
1168 }
1169 if (this->other_id->get_type(this->other_id) == ID_ANY)
1170 {
1171 this->other_id->destroy(this->other_id);
1172 this->other_id = policy->get_other_id(policy);
1173 this->other_id = this->other_id->clone(this->other_id);
1174 }
1175 if (this->my_host->is_anyaddr(this->my_host))
1176 {
1177 this->my_host->destroy(this->my_host);
1178 this->my_host = connection->get_my_host(connection);
1179 this->my_host = this->my_host->clone(this->my_host);
1180 }
1181 if (this->other_host->is_anyaddr(this->other_host))
1182 {
1183 this->other_host->destroy(this->other_host);
1184 this->other_host = connection->get_other_host(connection);
1185 this->other_host = this->other_host->clone(this->other_host);
1186 }
1187 set_name(this, connection->get_name(connection));
1188 this->retrans_sequences = connection->get_retrans_seq(connection);
1189 this->dpd_delay = connection->get_dpd_delay(connection);
1190 break;
1191 case IKE_ESTABLISHED:
1192 case IKE_REKEYING:
1193 /* nothing to do. We allow it for rekeying, as it will be
1194 * adopted by the new IKE_SA */
1195 break;
1196 case IKE_DELETING:
1197 /* deny */
1198 return FAILED;
1199 }
1200
1201 child_sa = child_sa_create(0, this->my_host, this->other_host,
1202 0, 0, FALSE);
1203 child_sa->set_name(child_sa, policy->get_name(policy));
1204 my_ts = policy->get_my_traffic_selectors(policy, this->my_host);
1205 other_ts = policy->get_other_traffic_selectors(policy, this->other_host);
1206 status = child_sa->add_policies(child_sa, my_ts, other_ts);
1207 ts_list_destroy(my_ts);
1208 ts_list_destroy(other_ts);
1209 this->child_sas->insert_last(this->child_sas, child_sa);
1210
1211 return status;
1212 }
1213
1214 /**
1215 * Implementation of ike_sa_t.unroute.
1216 */
1217 static status_t unroute(private_ike_sa_t *this, policy_t *policy)
1218 {
1219 iterator_t *iterator;
1220 child_sa_t *child_sa = NULL;
1221 linked_list_t *my_ts, *other_ts, *my_ts_conf, *other_ts_conf;
1222
1223 /* find CHILD_SA in ROUTED state */
1224 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1225 while (iterator->iterate(iterator, (void**)&child_sa))
1226 {
1227 if (child_sa->get_state(child_sa) == CHILD_ROUTED)
1228 {
1229 my_ts = child_sa->get_my_traffic_selectors(child_sa);
1230 other_ts = child_sa->get_other_traffic_selectors(child_sa);
1231
1232 my_ts_conf = policy->get_my_traffic_selectors(policy, this->my_host);
1233 other_ts_conf = policy->get_other_traffic_selectors(policy, this->other_host);
1234
1235 if (ts_list_equals(my_ts, my_ts_conf) &&
1236 ts_list_equals(other_ts, other_ts_conf))
1237 {
1238 iterator->remove(iterator);
1239 child_sa->destroy(child_sa);
1240 ts_list_destroy(my_ts_conf);
1241 ts_list_destroy(other_ts_conf);
1242 break;
1243 }
1244 ts_list_destroy(my_ts_conf);
1245 ts_list_destroy(other_ts_conf);
1246 }
1247 }
1248 iterator->destroy(iterator);
1249 /* if we are not established, and we have no more routed childs, remove whole SA */
1250 if (this->state == IKE_CREATED &&
1251 this->child_sas->get_count(this->child_sas) == 0)
1252 {
1253 return DESTROY_ME;
1254 }
1255 return SUCCESS;
1256 }
1257
1258 /**
1259 * Implementation of ike_sa_t.send_dpd
1260 */
1261 static status_t send_dpd(private_ike_sa_t *this)
1262 {
1263 send_dpd_job_t *job;
1264 time_t diff;
1265
1266 if (this->dpd_delay == 0)
1267 {
1268 /* DPD disabled */
1269 return SUCCESS;
1270 }
1271
1272 if (this->transaction_out)
1273 {
1274 /* there is a transaction in progress. Come back later */
1275 diff = 0;
1276 }
1277 else
1278 {
1279 /* check if there was any inbound traffic */
1280 time_t last_in, now;
1281 last_in = get_time_inbound(this);
1282 now = time(NULL);
1283 diff = now - last_in;
1284 if (diff >= this->dpd_delay)
1285 {
1286 /* to long ago, initiate dead peer detection */
1287 dead_peer_detection_t *dpd;
1288 this->logger->log(this->logger, CONTROL, "sending DPD request");
1289 dpd = dead_peer_detection_create(&this->public);
1290 queue_transaction(this, (transaction_t*)dpd, FALSE);
1291 diff = 0;
1292 }
1293 }
1294 /* recheck in "interval" seconds */
1295 job = send_dpd_job_create(this->ike_sa_id);
1296 charon->event_queue->add_relative(charon->event_queue, (job_t*)job,
1297 (this->dpd_delay - diff) * 1000);
1298 return SUCCESS;
1299 }
1300
1301 /**
1302 * Implementation of ike_sa_t.send_keepalive
1303 */
1304 static void send_keepalive(private_ike_sa_t *this)
1305 {
1306 send_keepalive_job_t *job;
1307 time_t last_out, now, diff, interval;
1308
1309 last_out = get_time_outbound(this);
1310 now = time(NULL);
1311
1312 diff = now - last_out;
1313 interval = charon->configuration->get_keepalive_interval(charon->configuration);
1314
1315 if (diff >= interval)
1316 {
1317 packet_t *packet;
1318 chunk_t data;
1319
1320 packet = packet_create();
1321 packet->set_source(packet, this->my_host->clone(this->my_host));
1322 packet->set_destination(packet, this->other_host->clone(this->other_host));
1323 data.ptr = malloc(1);
1324 data.ptr[0] = 0xFF;
1325 data.len = 1;
1326 packet->set_data(packet, data);
1327 charon->send_queue->add(charon->send_queue, packet);
1328 this->logger->log(this->logger, CONTROL, "sending keep alive");
1329 diff = 0;
1330 }
1331 job = send_keepalive_job_create(this->ike_sa_id);
1332 charon->event_queue->add_relative(charon->event_queue, (job_t*)job,
1333 (interval - diff) * 1000);
1334 }
1335
1336 /**
1337 * Implementation of ike_sa_t.get_state.
1338 */
1339 static ike_sa_state_t get_state(private_ike_sa_t *this)
1340 {
1341 return this->state;
1342 }
1343
1344 /**
1345 * Implementation of ike_sa_t.set_state.
1346 */
1347 static void set_state(private_ike_sa_t *this, ike_sa_state_t state)
1348 {
1349 this->logger->log(this->logger, CONTROL, "state change: %s => %s",
1350 mapping_find(ike_sa_state_m, this->state),
1351 mapping_find(ike_sa_state_m, state));
1352 if (state == IKE_ESTABLISHED)
1353 {
1354 this->time.established = time(NULL);
1355 this->logger->log(this->logger, AUDIT, "IKE_SA established: %s[%s]...%s[%s]",
1356 this->my_host->get_string(this->my_host),
1357 this->my_id->get_string(this->my_id),
1358 this->other_host->get_string(this->other_host),
1359 this->other_id->get_string(this->other_id));
1360 /* start DPD checks */
1361 send_dpd(this);
1362 }
1363 this->state = state;
1364 }
1365
1366 /**
1367 * Implementation of ike_sa_t.get_prf.
1368 */
1369 static prf_t *get_prf(private_ike_sa_t *this)
1370 {
1371 return this->prf;
1372 }
1373
1374 /**
1375 * Implementation of ike_sa_t.get_prf.
1376 */
1377 static prf_t *get_child_prf(private_ike_sa_t *this)
1378 {
1379 return this->child_prf;
1380 }
1381
1382 /**
1383 * Implementation of ike_sa_t.get_prf_auth_i.
1384 */
1385 static prf_t *get_prf_auth_i(private_ike_sa_t *this)
1386 {
1387 return this->prf_auth_i;
1388 }
1389
1390 /**
1391 * Implementation of ike_sa_t.get_prf_auth_r.
1392 */
1393 static prf_t *get_prf_auth_r(private_ike_sa_t *this)
1394 {
1395 return this->prf_auth_r;
1396 }
1397
1398 /**
1399 * Implementation of ike_sa_t.get_id.
1400 */
1401 static ike_sa_id_t* get_id(private_ike_sa_t *this)
1402 {
1403 return this->ike_sa_id;
1404 }
1405
1406 /**
1407 * Implementation of ike_sa_t.get_my_id.
1408 */
1409 static identification_t* get_my_id(private_ike_sa_t *this)
1410 {
1411 return this->my_id;
1412 }
1413
1414 /**
1415 * Implementation of ike_sa_t.set_my_id.
1416 */
1417 static void set_my_id(private_ike_sa_t *this, identification_t *me)
1418 {
1419 DESTROY_IF(this->my_id);
1420 this->my_id = me;
1421 }
1422
1423 /**
1424 * Implementation of ike_sa_t.get_other_id.
1425 */
1426 static identification_t* get_other_id(private_ike_sa_t *this)
1427 {
1428 return this->other_id;
1429 }
1430
1431 /**
1432 * Implementation of ike_sa_t.set_other_id.
1433 */
1434 static void set_other_id(private_ike_sa_t *this, identification_t *other)
1435 {
1436 DESTROY_IF(this->other_id);
1437 this->other_id = other;
1438 }
1439
1440 /**
1441 * Implementation of ike_sa_t.derive_keys.
1442 */
1443 static status_t derive_keys(private_ike_sa_t *this,
1444 proposal_t *proposal, diffie_hellman_t *dh,
1445 chunk_t nonce_i, chunk_t nonce_r,
1446 bool initiator, prf_t *child_prf, prf_t *old_prf)
1447 {
1448 prf_plus_t *prf_plus;
1449 chunk_t skeyseed, secret, key, nonces, prf_plus_seed;
1450 algorithm_t *algo;
1451 size_t key_size;
1452 crypter_t *crypter_i, *crypter_r;
1453 signer_t *signer_i, *signer_r;
1454 u_int8_t spi_i_buf[sizeof(u_int64_t)], spi_r_buf[sizeof(u_int64_t)];
1455 chunk_t spi_i = chunk_from_buf(spi_i_buf);
1456 chunk_t spi_r = chunk_from_buf(spi_r_buf);
1457
1458 /* Create SAs general purpose PRF first, we may use it here */
1459 if (!proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo))
1460 {
1461 this->logger->log(this->logger, ERROR, "no PSEUDO_RANDOM_FUNCTION selected!");
1462 return FAILED;
1463 }
1464 this->prf = prf_create(algo->algorithm);
1465 if (this->prf == NULL)
1466 {
1467 this->logger->log(this->logger, ERROR, "PSEUDO_RANDOM_FUNCTION %s not supported!",
1468 mapping_find(pseudo_random_function_m, algo->algorithm));
1469 return FAILED;
1470 }
1471
1472 dh->get_shared_secret(dh, &secret);
1473 this->logger->log_chunk(this->logger, PRIVATE, "shared Diffie Hellman secret", secret);
1474 nonces = chunk_cat("cc", nonce_i, nonce_r);
1475 *((u_int64_t*)spi_i.ptr) = this->ike_sa_id->get_initiator_spi(this->ike_sa_id);
1476 *((u_int64_t*)spi_r.ptr) = this->ike_sa_id->get_responder_spi(this->ike_sa_id);
1477 prf_plus_seed = chunk_cat("ccc", nonces, spi_i, spi_r);
1478
1479 /* KEYMAT = prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr)
1480 *
1481 * if we are rekeying, SKEYSEED built on another way
1482 */
1483 if (child_prf == NULL) /* not rekeying */
1484 {
1485 /* SKEYSEED = prf(Ni | Nr, g^ir) */
1486 this->prf->set_key(this->prf, nonces);
1487 this->prf->allocate_bytes(this->prf, secret, &skeyseed);
1488 this->logger->log_chunk(this->logger, PRIVATE|LEVEL1, "SKEYSEED", skeyseed);
1489 this->prf->set_key(this->prf, skeyseed);
1490 chunk_free(&skeyseed);
1491 chunk_free(&secret);
1492 prf_plus = prf_plus_create(this->prf, prf_plus_seed);
1493 }
1494 else
1495 {
1496 /* SKEYSEED = prf(SK_d (old), [g^ir (new)] | Ni | Nr)
1497 * use OLD SAs PRF functions for both prf_plus and prf */
1498 secret = chunk_cat("mc", secret, nonces);
1499 child_prf->allocate_bytes(child_prf, secret, &skeyseed);
1500 this->logger->log_chunk(this->logger, PRIVATE|LEVEL1, "SKEYSEED", skeyseed);
1501 old_prf->set_key(old_prf, skeyseed);
1502 chunk_free(&skeyseed);
1503 chunk_free(&secret);
1504 prf_plus = prf_plus_create(old_prf, prf_plus_seed);
1505 }
1506 chunk_free(&nonces);
1507 chunk_free(&prf_plus_seed);
1508
1509 /* KEYMAT = SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr */
1510
1511 /* SK_d is used for generating CHILD_SA key mat => child_prf */
1512 proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo);
1513 this->child_prf = prf_create(algo->algorithm);
1514 key_size = this->child_prf->get_key_size(this->child_prf);
1515 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1516 this->logger->log_chunk(this->logger, PRIVATE, "Sk_d secret", key);
1517 this->child_prf->set_key(this->child_prf, key);
1518 chunk_free(&key);
1519
1520 /* SK_ai/SK_ar used for integrity protection => signer_in/signer_out */
1521 if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &algo))
1522 {
1523 this->logger->log(this->logger, ERROR, "no INTEGRITY_ALGORITHM selected?!");
1524 return FAILED;
1525 }
1526 signer_i = signer_create(algo->algorithm);
1527 signer_r = signer_create(algo->algorithm);
1528 if (signer_i == NULL || signer_r == NULL)
1529 {
1530 this->logger->log(this->logger, ERROR, "INTEGRITY_ALGORITHM %s not supported!",
1531 mapping_find(integrity_algorithm_m,algo->algorithm));
1532 return FAILED;
1533 }
1534 key_size = signer_i->get_key_size(signer_i);
1535
1536 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1537 this->logger->log_chunk(this->logger, PRIVATE, "Sk_ai secret", key);
1538 signer_i->set_key(signer_i, key);
1539 chunk_free(&key);
1540
1541 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1542 this->logger->log_chunk(this->logger, PRIVATE, "Sk_ar secret", key);
1543 signer_r->set_key(signer_r, key);
1544 chunk_free(&key);
1545
1546 if (initiator)
1547 {
1548 this->signer_in = signer_r;
1549 this->signer_out = signer_i;
1550 }
1551 else
1552 {
1553 this->signer_in = signer_i;
1554 this->signer_out = signer_r;
1555 }
1556
1557 /* SK_ei/SK_er used for encryption => crypter_in/crypter_out */
1558 if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &algo))
1559 {
1560 this->logger->log(this->logger, ERROR, "no ENCRYPTION_ALGORITHM selected!");
1561 return FAILED;
1562 }
1563 crypter_i = crypter_create(algo->algorithm, algo->key_size / 8);
1564 crypter_r = crypter_create(algo->algorithm, algo->key_size / 8);
1565 if (crypter_i == NULL || crypter_r == NULL)
1566 {
1567 this->logger->log(this->logger, ERROR,
1568 "ENCRYPTION_ALGORITHM %s (key size %d) not supported!",
1569 mapping_find(encryption_algorithm_m, algo->algorithm),
1570 algo->key_size);
1571 return FAILED;
1572 }
1573 key_size = crypter_i->get_key_size(crypter_i);
1574
1575 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1576 this->logger->log_chunk(this->logger, PRIVATE, "Sk_ei secret", key);
1577 crypter_i->set_key(crypter_i, key);
1578 chunk_free(&key);
1579
1580 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1581 this->logger->log_chunk(this->logger, PRIVATE, "Sk_er secret", key);
1582 crypter_r->set_key(crypter_r, key);
1583 chunk_free(&key);
1584
1585 if (initiator)
1586 {
1587 this->crypter_in = crypter_r;
1588 this->crypter_out = crypter_i;
1589 }
1590 else
1591 {
1592 this->crypter_in = crypter_i;
1593 this->crypter_out = crypter_r;
1594 }
1595
1596 /* SK_pi/SK_pr used for authentication => prf_auth_i, prf_auth_r */
1597 proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo);
1598 this->prf_auth_i = prf_create(algo->algorithm);
1599 this->prf_auth_r = prf_create(algo->algorithm);
1600
1601 key_size = this->prf_auth_i->get_key_size(this->prf_auth_i);
1602 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1603 this->logger->log_chunk(this->logger, PRIVATE, "Sk_pi secret", key);
1604 this->prf_auth_i->set_key(this->prf_auth_i, key);
1605 chunk_free(&key);
1606
1607 prf_plus->allocate_bytes(prf_plus, key_size, &key);
1608 this->logger->log_chunk(this->logger, PRIVATE, "Sk_pr secret", key);
1609 this->prf_auth_r->set_key(this->prf_auth_r, key);
1610 chunk_free(&key);
1611
1612 /* all done, prf_plus not needed anymore */
1613 prf_plus->destroy(prf_plus);
1614
1615 return SUCCESS;
1616
1617 }
1618
1619 /**
1620 * Implementation of ike_sa_t.add_child_sa.
1621 */
1622 static void add_child_sa(private_ike_sa_t *this, child_sa_t *child_sa)
1623 {
1624 this->child_sas->insert_last(this->child_sas, child_sa);
1625 }
1626
1627 /**
1628 * Implementation of ike_sa_t.has_child_sa.
1629 */
1630 static bool has_child_sa(private_ike_sa_t *this, u_int32_t reqid)
1631 {
1632 iterator_t *iterator;
1633 child_sa_t *current;
1634 bool found = FALSE;
1635
1636 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1637 while (iterator->iterate(iterator, (void**)&current))
1638 {
1639 if (current->get_reqid(current) == reqid)
1640 {
1641 found = TRUE;
1642 break;
1643 }
1644 }
1645 iterator->destroy(iterator);
1646 return found;
1647 }
1648
1649 /**
1650 * Implementation of ike_sa_t.get_child_sa.
1651 */
1652 static child_sa_t* get_child_sa(private_ike_sa_t *this, protocol_id_t protocol,
1653 u_int32_t spi, bool inbound)
1654 {
1655 iterator_t *iterator;
1656 child_sa_t *current, *found = NULL;
1657
1658 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1659 while (iterator->has_next(iterator))
1660 {
1661 iterator->current(iterator, (void**)&current);
1662 if (current->get_spi(current, inbound) == spi &&
1663 current->get_protocol(current) == protocol)
1664 {
1665 found = current;
1666 }
1667 }
1668 iterator->destroy(iterator);
1669 return found;
1670 }
1671
1672 /**
1673 * Implementation of ike_sa_t.create_child_sa_iterator.
1674 */
1675 static iterator_t* create_child_sa_iterator(private_ike_sa_t *this)
1676 {
1677 return this->child_sas->create_iterator(this->child_sas, TRUE);
1678 }
1679
1680 /**
1681 * Implementation of ike_sa_t.rekey_child_sa.
1682 */
1683 static status_t rekey_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
1684 {
1685 create_child_sa_t *rekey;
1686 child_sa_t *child_sa;
1687
1688 child_sa = get_child_sa(this, protocol, spi, TRUE);
1689 if (child_sa == NULL)
1690 {
1691 return NOT_FOUND;
1692 }
1693
1694 rekey = create_child_sa_create(&this->public);
1695 rekey->rekeys_child(rekey, child_sa);
1696 return queue_transaction(this, (transaction_t*)rekey, FALSE);
1697 }
1698
1699 /**
1700 * Implementation of ike_sa_t.delete_child_sa.
1701 */
1702 static status_t delete_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
1703 {
1704 delete_child_sa_t *del;
1705 child_sa_t *child_sa;
1706
1707 child_sa = get_child_sa(this, protocol, spi, TRUE);
1708 if (child_sa == NULL)
1709 {
1710 return NOT_FOUND;
1711 }
1712
1713 del = delete_child_sa_create(&this->public);
1714 del->set_child_sa(del, child_sa);
1715 return queue_transaction(this, (transaction_t*)del, FALSE);
1716 }
1717
1718 /**
1719 * Implementation of ike_sa_t.destroy_child_sa.
1720 */
1721 static status_t destroy_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
1722 {
1723 iterator_t *iterator;
1724 child_sa_t *child_sa;
1725 status_t status = NOT_FOUND;
1726
1727 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1728 while (iterator->iterate(iterator, (void**)&child_sa))
1729 {
1730 if (child_sa->get_protocol(child_sa) == protocol &&
1731 child_sa->get_spi(child_sa, TRUE) == spi)
1732 {
1733 child_sa->destroy(child_sa);
1734 iterator->remove(iterator);
1735 status = SUCCESS;
1736 break;
1737 }
1738 }
1739 iterator->destroy(iterator);
1740 return status;
1741 }
1742
1743 /**
1744 * Implementation of ike_sa_t.set_lifetimes.
1745 */
1746 static void set_lifetimes(private_ike_sa_t *this,
1747 u_int32_t soft_lifetime, u_int32_t hard_lifetime)
1748 {
1749 job_t *job;
1750
1751 if (soft_lifetime)
1752 {
1753 this->time.rekey = this->time.established + soft_lifetime;
1754 job = (job_t*)rekey_ike_sa_job_create(this->ike_sa_id);
1755 charon->event_queue->add_relative(charon->event_queue, job,
1756 soft_lifetime * 1000);
1757 }
1758
1759 if (hard_lifetime)
1760 {
1761 this->time.delete = this->time.established + hard_lifetime;
1762 job = (job_t*)delete_ike_sa_job_create(this->ike_sa_id, TRUE);
1763 charon->event_queue->add_relative(charon->event_queue, job,
1764 hard_lifetime * 1000);
1765 }
1766 }
1767
1768 /**
1769 * Implementation of ike_sa_t.rekey.
1770 */
1771 static status_t rekey(private_ike_sa_t *this)
1772 {
1773 rekey_ike_sa_t *rekey_ike_sa;
1774
1775 this->logger->log(this->logger, CONTROL,
1776 "rekeying IKE_SA between %s[%s]..%s[%s]",
1777 this->my_host->get_string(this->my_host),
1778 this->my_id->get_string(this->my_id),
1779 this->other_host->get_string(this->other_host),
1780 this->other_id->get_string(this->other_id));
1781
1782 if (this->state != IKE_ESTABLISHED)
1783 {
1784 this->logger->log(this->logger, ERROR,
1785 "unable to rekey IKE_SA in state %s",
1786 mapping_find(ike_sa_state_m, this->state));
1787 return FAILED;
1788 }
1789
1790 rekey_ike_sa = rekey_ike_sa_create(&this->public);
1791 return queue_transaction(this, (transaction_t*)rekey_ike_sa, FALSE);
1792 }
1793
1794 /**
1795 * Implementation of ike_sa_t.get_rekeying_transaction.
1796 */
1797 static rekey_ike_sa_t* get_rekeying_transaction(private_ike_sa_t *this)
1798 {
1799 return this->rekeying_transaction;
1800 }
1801
1802 /**
1803 * Implementation of ike_sa_t.set_rekeying_transaction.
1804 */
1805 static void set_rekeying_transaction(private_ike_sa_t *this, rekey_ike_sa_t *rekey)
1806 {
1807 this->rekeying_transaction = rekey;
1808 }
1809
1810 /**
1811 * Implementation of ike_sa_t.adopt_children.
1812 */
1813 static void adopt_children(private_ike_sa_t *this, private_ike_sa_t *other)
1814 {
1815 child_sa_t *child_sa;
1816
1817 while (other->child_sas->remove_last(other->child_sas,
1818 (void**)&child_sa) == SUCCESS)
1819 {
1820 this->child_sas->insert_first(this->child_sas, (void*)child_sa);
1821 }
1822 }
1823
1824 /**
1825 * Implementation of ike_sa_t.log_status.
1826 */
1827 static void log_status(private_ike_sa_t *this, logger_t *logger, char *name)
1828 {
1829 iterator_t *iterator;
1830 child_sa_t *child_sa;
1831 bool contains_child = FALSE;
1832
1833 /* check for a CHILD_SA with specified name. We then print the IKE_SA,
1834 * even it has another name */
1835 if (name != NULL)
1836 {
1837 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1838 while (iterator->iterate(iterator, (void**)&child_sa))
1839 {
1840 if (streq(name, child_sa->get_name(child_sa)))
1841 {
1842 contains_child = TRUE;
1843 break;
1844 }
1845 }
1846 iterator->destroy(iterator);
1847 }
1848
1849 if (name == NULL || contains_child || streq(name, this->name))
1850 {
1851 if (logger == NULL)
1852 {
1853 logger = this->logger;
1854 }
1855 logger->log(logger, CONTROL|LEVEL1,
1856 " \"%s\": IKE_SA in state %s, SPIs: 0x%.16llx 0x%.16llx",
1857 this->name,
1858 mapping_find(ike_sa_state_m, this->state),
1859 this->ike_sa_id->get_initiator_spi(this->ike_sa_id),
1860 this->ike_sa_id->get_responder_spi(this->ike_sa_id));
1861 logger->log(logger, CONTROL, " \"%s\": %s[%s]...%s[%s]",
1862 this->name,
1863 this->my_host->get_string(this->my_host),
1864 this->my_id->get_string(this->my_id),
1865 this->other_host->get_string(this->other_host),
1866 this->other_id->get_string(this->other_id));
1867
1868 iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
1869 while (iterator->has_next(iterator))
1870 {
1871 iterator->current(iterator, (void**)&child_sa);
1872 child_sa->log_status(child_sa, logger);
1873 }
1874 iterator->destroy(iterator);
1875 }
1876 }
1877
1878 /**
1879 * Implementation of public_ike_sa_t.delete.
1880 */
1881 static status_t delete_(private_ike_sa_t *this)
1882 {
1883 switch (this->state)
1884 {
1885 case IKE_CONNECTING:
1886 case IKE_ESTABLISHED:
1887 {
1888 delete_ike_sa_t *delete_ike_sa;
1889 if (this->transaction_out)
1890 {
1891 /* already a transaction in progress. As this may hang
1892 * around a while, we don't inform the other peer. */
1893 return DESTROY_ME;
1894 }
1895 delete_ike_sa = delete_ike_sa_create(&this->public);
1896 return queue_transaction(this, (transaction_t*)delete_ike_sa, FALSE);
1897 }
1898 case IKE_CREATED:
1899 case IKE_DELETING:
1900 default:
1901 {
1902 return DESTROY_ME;
1903 }
1904 }
1905 }
1906
1907 /**
1908 * Implementation of ike_sa_t.get_next_message_id.
1909 */
1910 static u_int32_t get_next_message_id (private_ike_sa_t *this)
1911 {
1912 return this->message_id_out++;
1913 }
1914
1915 /**
1916 * Implementation of ike_sa_t.is_natt_enabled.
1917 */
1918 static bool is_natt_enabled (private_ike_sa_t *this)
1919 {
1920 return this->nat_here || this->nat_there;
1921 }
1922
1923 /**
1924 * Implementation of ike_sa_t.enable_natt.
1925 */
1926 static void enable_natt (private_ike_sa_t *this, bool local)
1927 {
1928 if (local)
1929 {
1930 this->logger->log(this->logger, CONTROL,
1931 "local host is behind NAT, using NAT-T, scheduled keep alives");
1932 this->nat_here = TRUE;
1933 send_keepalive(this);
1934 }
1935 else
1936 {
1937 this->logger->log(this->logger, CONTROL,
1938 "remote host is behind NAT, using NAT-T");
1939 this->nat_there = TRUE;
1940 }
1941 }
1942
1943 /**
1944 * Implementation of ike_sa_t.destroy.
1945 */
1946 static void destroy(private_ike_sa_t *this)
1947 {
1948 child_sa_t *child_sa;
1949 transaction_t *transaction;
1950
1951 this->logger->log(this->logger, CONTROL|LEVEL2, "going to destroy IKE SA %llu:%llu, role %s",
1952 this->ike_sa_id->get_initiator_spi(this->ike_sa_id),
1953 this->ike_sa_id->get_responder_spi(this->ike_sa_id),
1954 this->ike_sa_id->is_initiator(this->ike_sa_id) ? "initiator" : "responder");
1955
1956 if (this->state == IKE_ESTABLISHED)
1957 {
1958 this->logger->log(this->logger, ERROR,
1959 "destroying an established IKE SA without knowledge from remote peer!");
1960 }
1961
1962 while (this->child_sas->remove_last(this->child_sas, (void**)&child_sa) == SUCCESS)
1963 {
1964 child_sa->destroy(child_sa);
1965 }
1966 this->child_sas->destroy(this->child_sas);
1967
1968 while (this->transaction_queue->remove_last(this->transaction_queue, (void**)&transaction) == SUCCESS)
1969 {
1970 transaction->destroy(transaction);
1971 }
1972 this->transaction_queue->destroy(this->transaction_queue);
1973
1974 DESTROY_IF(this->transaction_in);
1975 DESTROY_IF(this->transaction_in_next);
1976 DESTROY_IF(this->transaction_out);
1977 DESTROY_IF(this->crypter_in);
1978 DESTROY_IF(this->crypter_out);
1979 DESTROY_IF(this->signer_in);
1980 DESTROY_IF(this->signer_out);
1981 DESTROY_IF(this->prf);
1982 DESTROY_IF(this->child_prf);
1983 DESTROY_IF(this->prf_auth_i);
1984 DESTROY_IF(this->prf_auth_r);
1985
1986 this->logger->log(this->logger, AUDIT,
1987 "IKE_SA deleted between %s[%s]...%s[%s]",
1988 this->my_host->get_string(this->my_host),
1989 this->my_id->get_string(this->my_id),
1990 this->other_host->get_string(this->other_host),
1991 this->other_id->get_string(this->other_id));
1992
1993 DESTROY_IF(this->my_host);
1994 DESTROY_IF(this->other_host);
1995 DESTROY_IF(this->my_id);
1996 DESTROY_IF(this->other_id);
1997
1998 free(this->name);
1999 this->ike_sa_id->destroy(this->ike_sa_id);
2000 free(this);
2001 }
2002
2003 /*
2004 * Described in header.
2005 */
2006 ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
2007 {
2008 private_ike_sa_t *this = malloc_thing(private_ike_sa_t);
2009
2010 /* Public functions */
2011 this->public.get_state = (ike_sa_state_t(*)(ike_sa_t*)) get_state;
2012 this->public.set_state = (void(*)(ike_sa_t*,ike_sa_state_t)) set_state;
2013 this->public.get_name = (char*(*)(ike_sa_t*))get_name;
2014 this->public.set_name = (void(*)(ike_sa_t*,char*))set_name;
2015 this->public.process_message = (status_t(*)(ike_sa_t*, message_t*)) process_message;
2016 this->public.initiate = (status_t(*)(ike_sa_t*,connection_t*,policy_t*)) initiate;
2017 this->public.route = (status_t(*)(ike_sa_t*,connection_t*,policy_t*)) route;
2018 this->public.unroute = (status_t(*)(ike_sa_t*,policy_t*)) unroute;
2019 this->public.acquire = (status_t(*)(ike_sa_t*,u_int32_t)) acquire;
2020 this->public.get_id = (ike_sa_id_t*(*)(ike_sa_t*)) get_id;
2021 this->public.get_my_host = (host_t*(*)(ike_sa_t*)) get_my_host;
2022 this->public.set_my_host = (void(*)(ike_sa_t*,host_t*)) set_my_host;
2023 this->public.get_other_host = (host_t*(*)(ike_sa_t*)) get_other_host;
2024 this->public.set_other_host = (void(*)(ike_sa_t*,host_t*)) set_other_host;
2025 this->public.get_my_id = (identification_t*(*)(ike_sa_t*)) get_my_id;
2026 this->public.set_my_id = (void(*)(ike_sa_t*,identification_t*)) set_my_id;
2027 this->public.get_other_id = (identification_t*(*)(ike_sa_t*)) get_other_id;
2028 this->public.set_other_id = (void(*)(ike_sa_t*,identification_t*)) set_other_id;
2029 this->public.get_next_message_id = (u_int32_t(*)(ike_sa_t*)) get_next_message_id;
2030 this->public.retransmit_request = (status_t (*) (ike_sa_t *, u_int32_t)) retransmit_request;
2031 this->public.log_status = (void (*) (ike_sa_t*,logger_t*,char*))log_status;
2032 this->public.delete = (status_t(*)(ike_sa_t*))delete_;
2033 this->public.destroy = (void(*)(ike_sa_t*))destroy;
2034 this->public.send_dpd = (status_t (*)(ike_sa_t*)) send_dpd;
2035 this->public.send_keepalive = (void (*)(ike_sa_t*)) send_keepalive;
2036 this->public.get_prf = (prf_t *(*) (ike_sa_t *)) get_prf;
2037 this->public.get_child_prf = (prf_t *(*) (ike_sa_t *)) get_child_prf;
2038 this->public.get_prf_auth_i = (prf_t *(*) (ike_sa_t *)) get_prf_auth_i;
2039 this->public.get_prf_auth_r = (prf_t *(*) (ike_sa_t *)) get_prf_auth_r;
2040 this->public.derive_keys = (status_t (*) (ike_sa_t *,proposal_t*,diffie_hellman_t*,chunk_t,chunk_t,bool,prf_t*,prf_t*)) derive_keys;
2041 this->public.add_child_sa = (void (*) (ike_sa_t*,child_sa_t*)) add_child_sa;
2042 this->public.has_child_sa = (bool(*)(ike_sa_t*,u_int32_t)) has_child_sa;
2043 this->public.get_child_sa = (child_sa_t* (*)(ike_sa_t*,protocol_id_t,u_int32_t,bool)) get_child_sa;
2044 this->public.create_child_sa_iterator = (iterator_t* (*)(ike_sa_t*)) create_child_sa_iterator;
2045 this->public.rekey_child_sa = (status_t(*)(ike_sa_t*,protocol_id_t,u_int32_t)) rekey_child_sa;
2046 this->public.delete_child_sa = (status_t(*)(ike_sa_t*,protocol_id_t,u_int32_t)) delete_child_sa;
2047 this->public.destroy_child_sa = (status_t (*)(ike_sa_t*,protocol_id_t,u_int32_t))destroy_child_sa;
2048 this->public.enable_natt = (void(*)(ike_sa_t*, bool)) enable_natt;
2049 this->public.is_natt_enabled = (bool(*)(ike_sa_t*)) is_natt_enabled;
2050 this->public.set_lifetimes = (void(*)(ike_sa_t*,u_int32_t,u_int32_t))set_lifetimes;
2051 this->public.rekey = (status_t(*)(ike_sa_t*))rekey;
2052 this->public.get_rekeying_transaction = (void*(*)(ike_sa_t*))get_rekeying_transaction;
2053 this->public.set_rekeying_transaction = (void(*)(ike_sa_t*,void*))set_rekeying_transaction;
2054 this->public.adopt_children = (void(*)(ike_sa_t*,ike_sa_t*))adopt_children;
2055
2056 /* initialize private fields */
2057 this->logger = logger_manager->get_logger(logger_manager, IKE_SA);
2058 this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
2059 this->name = strdup("(uninitialized)");
2060 this->child_sas = linked_list_create();
2061 this->my_host = host_create_from_string("0.0.0.0", 0);
2062 this->other_host = host_create_from_string("0.0.0.0", 0);
2063 this->my_id = identification_create_from_encoding(ID_ANY, CHUNK_INITIALIZER);
2064 this->other_id = identification_create_from_encoding(ID_ANY, CHUNK_INITIALIZER);
2065 this->crypter_in = NULL;
2066 this->crypter_out = NULL;
2067 this->signer_in = NULL;
2068 this->signer_out = NULL;
2069 this->prf = NULL;
2070 this->prf_auth_i = NULL;
2071 this->prf_auth_r = NULL;
2072 this->child_prf = NULL;
2073 this->nat_here = FALSE;
2074 this->nat_there = FALSE;
2075 this->transaction_queue = linked_list_create();
2076 this->transaction_in = NULL;
2077 this->transaction_in_next = NULL;
2078 this->transaction_out = NULL;
2079 this->rekeying_transaction = NULL;
2080 this->state = IKE_CREATED;
2081 this->message_id_out = 0;
2082 /* set to NOW, as when we rekey an existing IKE_SA no message is exchanged */
2083 this->time.inbound = this->time.outbound = time(NULL);
2084 this->time.established = 0;
2085 this->time.rekey = 0;
2086 this->time.delete = 0;
2087 this->dpd_delay = 0;
2088 this->retrans_sequences = 0;
2089
2090 return &this->public;
2091 }