fixed a memleak
[strongswan.git] / src / charon / sa / states / ike_sa_init_responded.c
1 /**
2 * @file ike_sa_init_responded.c
3 *
4 * @brief State of a IKE_SA after responding to an IKE_SA_INIT request
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #include <string.h>
24
25 #include "ike_sa_init_responded.h"
26
27 #include <daemon.h>
28 #include <sa/authenticator.h>
29 #include <sa/child_sa.h>
30 #include <encoding/payloads/ts_payload.h>
31 #include <encoding/payloads/sa_payload.h>
32 #include <encoding/payloads/id_payload.h>
33 #include <encoding/payloads/auth_payload.h>
34 #include <encoding/payloads/notify_payload.h>
35 #include <crypto/signers/signer.h>
36 #include <crypto/crypters/crypter.h>
37 #include <sa/states/ike_sa_established.h>
38
39
40 typedef struct private_ike_sa_init_responded_t private_ike_sa_init_responded_t;
41
42 /**
43 * Private data of a ike_sa_init_responded_t object.
44 *
45 */
46 struct private_ike_sa_init_responded_t {
47 /**
48 * Public interface of ike_sa_init_responded_t.
49 */
50 ike_sa_init_responded_t public;
51
52 /**
53 * Assigned IKE_SA.
54 */
55 protected_ike_sa_t *ike_sa;
56
57 /**
58 * Received nonce.
59 */
60 chunk_t received_nonce;
61
62 /**
63 * Sent nonce.
64 */
65 chunk_t sent_nonce;
66
67 /**
68 * Binary representation of the IKE_SA_INIT response.
69 */
70 chunk_t ike_sa_init_response_data;
71
72 /**
73 * Binary representation of the IKE_SA_INIT request.
74 */
75 chunk_t ike_sa_init_request_data;
76
77 /**
78 * SA config to use.
79 */
80 policy_t *policy;
81
82 /**
83 * CHILD_SA, if set up
84 */
85 child_sa_t *child_sa;
86
87 /**
88 * Traffic selectors applicable at our site
89 */
90 linked_list_t *my_ts;
91
92 /**
93 * Traffic selectors applicable at remote site
94 */
95 linked_list_t *other_ts;
96
97 /**
98 * Assigned logger.
99 *
100 * Is logger of ike_sa!
101 */
102 logger_t *logger;
103
104 /**
105 * Process received IDi and IDr payload and build IDr payload for IKE_AUTH response.
106 *
107 * @param this calling object
108 * @param request_idi ID payload representing initiator
109 * @param request_idr ID payload representing responder (May be zero)
110 * @param response The created IDr payload is added to this message_t object
111 * @param response_idr The created IDr payload is also written to this location
112 */
113 status_t (*build_idr_payload) (private_ike_sa_init_responded_t *this,
114 id_payload_t *request_idi,
115 id_payload_t *request_idr,
116 message_t *response,
117 id_payload_t **response_idr);
118
119 /**
120 * Process received SA payload and build SA payload for IKE_AUTH response.
121 *
122 * @param this calling object
123 * @param request SA payload received in IKE_AUTH request
124 * @param response The created SA payload is added to this message_t object
125 */
126 status_t (*build_sa_payload) (private_ike_sa_init_responded_t *this, sa_payload_t *request, message_t *response);
127
128 /**
129 * Process received AUTH payload and build AUTH payload for IKE_AUTH response.
130 *
131 * @param this calling object
132 * @param request AUTH payload received in IKE_AUTH request
133 * @param other_id_payload other ID payload needed to verify AUTH data
134 * @param my_id_payload my ID payload needed to compute AUTH data
135 * @param response The created AUTH payload is added to this message_t object
136 */
137 status_t (*build_auth_payload) (private_ike_sa_init_responded_t *this, auth_payload_t *request,id_payload_t *other_id_payload,id_payload_t *my_id_payload, message_t* response);
138
139 /**
140 * Process received TS payload and build TS payload for IKE_AUTH response.
141 *
142 * @param this calling object
143 * @param is_initiator type of TS payload. TRUE for TSi, FALSE for TSr
144 * @param request TS payload received in IKE_AUTH request
145 * @param response the created TS payload is added to this message_t object
146 */
147 status_t (*build_ts_payload) (private_ike_sa_init_responded_t *this, bool ts_initiator, ts_payload_t *request, message_t *response);
148
149 /**
150 * Sends a IKE_AUTH reply containing a notify payload.
151 *
152 * @param this calling object
153 * @param notify_payload payload to process
154 * @return
155 * - DESTROY_ME if IKE_SA should be deleted
156 * - SUCCSS if processed successfull
157 */
158 status_t (*process_notify_payload) (private_ike_sa_init_responded_t *this, notify_payload_t* notify_payload);
159
160 /**
161 * Destroy function called internally of this class after state change to
162 * state IKE_SA_ESTABLISHED succeeded.
163 *
164 * This destroy function does not destroy objects which were passed to the new state.
165 *
166 * @param this calling object
167 */
168 void (*destroy_after_state_change) (private_ike_sa_init_responded_t *this);
169 };
170
171 /**
172 * Implements state_t.get_state
173 */
174 static status_t process_message(private_ike_sa_init_responded_t *this, message_t *request)
175 {
176 id_payload_t *idi_request = NULL, *idr_request = NULL,*idr_response;
177 ts_payload_t *tsi_request = NULL, *tsr_request = NULL;
178 auth_payload_t *auth_request = NULL;
179 sa_payload_t *sa_request = NULL;
180 iterator_t *payloads;
181 message_t *response;
182 crypter_t *crypter;
183 signer_t *signer;
184 status_t status;
185 host_t *my_host, *other_host;
186 identification_t *my_id, *other_id;
187 connection_t *connection;
188 policy_t *policy;
189
190 if (request->get_exchange_type(request) != IKE_AUTH)
191 {
192 this->logger->log(this->logger, ERROR | LEVEL1, "Message of type %s not supported in state ike_sa_init_responded",
193 mapping_find(exchange_type_m,request->get_exchange_type(request)));
194 return FAILED;
195 }
196
197 if (!request->get_request(request))
198 {
199 this->logger->log(this->logger, ERROR | LEVEL1, "IKE_AUTH responses not allowed state ike_sa_init_responded");
200 return FAILED;
201 }
202
203 /* get signer for verification and crypter for decryption */
204 signer = this->ike_sa->get_signer_initiator(this->ike_sa);
205 crypter = this->ike_sa->get_crypter_initiator(this->ike_sa);
206
207 status = request->parse_body(request, crypter, signer);
208 if (status != SUCCESS)
209 {
210 if (status == NOT_SUPPORTED)
211 {
212 this->logger->log(this->logger, ERROR | LEVEL1, "IKE_AUTH request contains unsupported payload with critical flag set. "
213 "Deleting IKE_SA");
214 this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, UNSUPPORTED_CRITICAL_PAYLOAD, CHUNK_INITIALIZER);
215 return DESTROY_ME;
216 }
217 else
218 {
219 this->logger->log(this->logger, AUDIT, "IKE_AUTH request decryption failed. Ignoring message");
220 }
221 return status;
222 }
223
224 /* iterate over incoming payloads. Message is verified, we can be sure there are the required payloads */
225 payloads = request->get_payload_iterator(request);
226 while (payloads->has_next(payloads))
227 {
228 payload_t *payload;
229 payloads->current(payloads, (void**)&payload);
230
231 switch (payload->get_type(payload))
232 {
233 case ID_INITIATOR:
234 {
235 idi_request = (id_payload_t*)payload;
236 break;
237 }
238 case AUTHENTICATION:
239 {
240 auth_request = (auth_payload_t*)payload;
241 break;
242 }
243 case ID_RESPONDER:
244 {
245 idr_request = (id_payload_t*)payload;
246 break;
247 }
248 case SECURITY_ASSOCIATION:
249 {
250 sa_request = (sa_payload_t*)payload;
251 break;
252 }
253 case TRAFFIC_SELECTOR_INITIATOR:
254 {
255 tsi_request = (ts_payload_t*)payload;
256 break;
257 }
258 case TRAFFIC_SELECTOR_RESPONDER:
259 {
260 tsr_request = (ts_payload_t*)payload;
261 break;
262 }
263 case NOTIFY:
264 {
265 notify_payload_t *notify_payload = (notify_payload_t *) payload;
266 status = this->process_notify_payload(this, notify_payload);
267 if (status != SUCCESS)
268 {
269 payloads->destroy(payloads);
270 return status;
271 }
272 }
273 case CERTIFICATE:
274 {
275 /* TODO handle cert payloads */
276 }
277 case CERTIFICATE_REQUEST:
278 {
279 /* TODO handle certrequest payloads */
280 }
281 default:
282 {
283 this->logger->log(this->logger, ERROR|LEVEL1, "Ignoring payload %s (%d)",
284 mapping_find(payload_type_m, payload->get_type(payload)), payload->get_type(payload));
285 break;
286 }
287 }
288 }
289 /* iterator can be destroyed */
290 payloads->destroy(payloads);
291
292 /* check if we have all payloads */
293 if (!(idi_request && sa_request && auth_request && tsi_request && tsr_request))
294 {
295 this->logger->log(this->logger, AUDIT, "IKE_AUTH reply did not contain all required payloads. Deleting IKE_SA");
296 return DESTROY_ME;
297 }
298
299 /* build response */
300 this->ike_sa->build_message(this->ike_sa, IKE_AUTH, FALSE, &response);
301
302 /* add payloads to it */
303 status = this->build_idr_payload(this, idi_request, idr_request, response, &idr_response);
304 if (status != SUCCESS)
305 {
306 response->destroy(response);
307 return status;
308 }
309 status = this->build_auth_payload(this, auth_request,idi_request, idr_response,response);
310 if (status != SUCCESS)
311 {
312 response->destroy(response);
313 return status;
314 }
315 status = this->build_sa_payload(this, sa_request, response);
316 if (status != SUCCESS)
317 {
318 response->destroy(response);
319 return status;
320 }
321 status = this->build_ts_payload(this, TRUE, tsi_request, response);
322 if (status != SUCCESS)
323 {
324 response->destroy(response);
325 return status;
326 }
327 status = this->build_ts_payload(this, FALSE, tsr_request, response);
328 if (status != SUCCESS)
329 {
330 response->destroy(response);
331 return status;
332 }
333
334 status = this->ike_sa->send_response(this->ike_sa, response);
335 /* message can now be sent (must not be destroyed) */
336 if (status != SUCCESS)
337 {
338 this->logger->log(this->logger, AUDIT, "Unable to send IKE_AUTH reply. Deleting IKE_SA");
339 response->destroy(response);
340 return DESTROY_ME;
341 }
342
343 /* install child SA policies */
344 if (!this->child_sa)
345 {
346 this->logger->log(this->logger, CONTROL, "Proposal negotiation failed, no CHILD_SA built");
347 }
348 else if (this->my_ts->get_count(this->my_ts) == 0 || this->other_ts->get_count(this->other_ts) == 0)
349 {
350 this->logger->log(this->logger, CONTROL, "Traffic selector negotiation failed, no CHILD_SA built");
351 this->child_sa->destroy(this->child_sa);
352 this->child_sa = NULL;
353 }
354 else
355 {
356 status = this->child_sa->add_policies(this->child_sa, this->my_ts, this->other_ts);
357 if (status != SUCCESS)
358 {
359 this->logger->log(this->logger, AUDIT, "Could not install CHILD_SA policy! Deleting IKE_SA");
360 return DESTROY_ME;
361 }
362 this->ike_sa->add_child_sa(this->ike_sa, this->child_sa);
363 }
364
365 /* create new state */
366 this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa));
367 this->destroy_after_state_change(this);
368
369 connection = this->ike_sa->get_connection(this->ike_sa);
370 my_host = connection->get_my_host(connection);
371 other_host = connection->get_other_host(connection);
372 policy = this->ike_sa->get_policy(this->ike_sa);
373 my_id = policy->get_my_id(policy);
374 other_id = policy->get_other_id(policy);
375 this->logger->log(this->logger, AUDIT, "IKE_SA established %s[%s]...%s[%s]",
376 my_host->get_address(my_host), my_id->get_string(my_id),
377 other_host->get_address(other_host), other_id->get_string(other_id));
378
379 return SUCCESS;
380 }
381
382 /**
383 * Implementation of private_ike_sa_init_responded_t.build_idr_payload.
384 */
385 static status_t build_idr_payload(private_ike_sa_init_responded_t *this, id_payload_t *request_idi, id_payload_t *request_idr, message_t *response,id_payload_t **response_idr)
386 {
387 identification_t *other_id, *my_id;
388 id_payload_t *idr_response;
389
390 /* use others ID, an ours if peer requested one */
391 other_id = request_idi->get_identification(request_idi);
392 if (request_idr)
393 {
394 my_id = request_idr->get_identification(request_idr);
395 }
396 else
397 {
398 my_id = identification_create_from_encoding(ID_ANY, CHUNK_INITIALIZER);
399 }
400
401 /* build new sa config */
402 this->policy = charon->policies->get_policy_by_ids(charon->policies, my_id, other_id);
403 if (this->policy == NULL)
404 {
405 this->logger->log(this->logger, AUDIT, "We don't have a policy for IDs %s - %s. Deleting IKE_SA",
406 my_id->get_string(my_id), other_id->get_string(other_id));
407 my_id->destroy(my_id);
408 other_id->destroy(other_id);
409 return DESTROY_ME;
410 }
411 my_id->destroy(my_id);
412 other_id->destroy(other_id);
413
414 /* get my id from policy, which must contain a fully qualified valid id */
415 my_id = this->policy->get_my_id(this->policy);
416
417 /* update others traffic selectors with actually used address */
418 this->policy->update_my_ts(this->policy, response->get_source(response));
419 this->policy->update_other_ts(this->policy, response->get_destination(response));
420
421 /* set policy in ike_sa for other states */
422 this->ike_sa->set_policy(this->ike_sa, this->policy);
423
424 /* build response */
425 idr_response = id_payload_create_from_identification(FALSE, my_id);
426 response->add_payload(response, (payload_t*)idr_response);
427 *response_idr = idr_response;
428
429 return SUCCESS;
430 }
431
432 /**
433 * Implementation of private_ike_sa_init_responded_t.build_sa_payload.
434 */
435 static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_payload_t *request, message_t *response)
436 {
437 proposal_t *proposal, *proposal_tmp;
438 linked_list_t *proposal_list;
439 sa_payload_t *sa_response;
440 chunk_t seed;
441 prf_plus_t *prf_plus;
442 status_t status;
443 connection_t *connection;
444
445 /* prepare reply */
446 sa_response = sa_payload_create();
447
448 /* get proposals from request, and select one with ours */
449 proposal_list = request->get_proposals(request);
450 this->logger->log(this->logger, CONTROL|LEVEL1, "Selecting proposals:");
451 proposal = this->policy->select_proposal(this->policy, proposal_list);
452 /* list is not needed anymore */
453 while (proposal_list->remove_last(proposal_list, (void**)&proposal_tmp) == SUCCESS)
454 {
455 proposal_tmp->destroy(proposal_tmp);
456 }
457 proposal_list->destroy(proposal_list);
458 /* do we have a proposal? */
459 if (proposal == NULL)
460 {
461 notify_payload_t *notify;
462 this->logger->log(this->logger, AUDIT, "IKE_AUTH request did not contain any proposals we accept. "
463 "Adding NO_PROPOSAL_CHOSEN notify");
464 /* add NO_PROPOSAL_CHOSEN and an empty SA payload */
465 notify = notify_payload_create_from_protocol_and_type(PROTO_IKE, NO_PROPOSAL_CHOSEN);
466 response->add_payload(response, (payload_t*)notify);
467 }
468 else
469 {
470 /* set up child sa */
471 seed = chunk_alloc(this->received_nonce.len + this->sent_nonce.len);
472 memcpy(seed.ptr, this->received_nonce.ptr, this->received_nonce.len);
473 memcpy(seed.ptr + this->received_nonce.len, this->sent_nonce.ptr, this->sent_nonce.len);
474 prf_plus = prf_plus_create(this->ike_sa->get_child_prf(this->ike_sa), seed);
475 chunk_free(&seed);
476
477 connection = this->ike_sa->get_connection(this->ike_sa);
478 this->child_sa = child_sa_create(connection->get_my_host(connection),
479 connection->get_other_host(connection));
480
481 status = this->child_sa->add(this->child_sa, proposal, prf_plus);
482 prf_plus->destroy(prf_plus);
483 if (status != SUCCESS)
484 {
485 this->logger->log(this->logger, AUDIT, "Could not install CHILD_SA! Deleting IKE_SA");
486 /* TODO: how do we handle this cleanly? */
487 sa_response->destroy(sa_response);
488 proposal->destroy(proposal);
489 return DESTROY_ME;
490 }
491
492 /* add proposal to sa payload */
493 sa_response->add_proposal(sa_response, proposal);
494 proposal->destroy(proposal);
495 }
496 response->add_payload(response, (payload_t*)sa_response);
497 return SUCCESS;
498 }
499
500 /**
501 * Implementation of private_ike_sa_init_responded_t.build_auth_payload.
502 */
503 static status_t build_auth_payload(private_ike_sa_init_responded_t *this, auth_payload_t *auth_request,id_payload_t *other_id_payload,id_payload_t *my_id_payload, message_t* response)
504 {
505 authenticator_t *authenticator;
506 auth_payload_t *auth_reply;
507 status_t status;
508
509 authenticator = authenticator_create(this->ike_sa);
510 status = authenticator->verify_auth_data(authenticator,auth_request, this->ike_sa_init_request_data,this->sent_nonce,other_id_payload,TRUE);
511
512 if (status != SUCCESS)
513 {
514 this->logger->log(this->logger, AUDIT, "IKE_AUTH request verification failed. Deleting IKE_SA");
515 this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, AUTHENTICATION_FAILED, CHUNK_INITIALIZER);
516 authenticator->destroy(authenticator);
517 return DESTROY_ME;
518 }
519
520 status = authenticator->compute_auth_data(authenticator,&auth_reply, this->ike_sa_init_response_data,this->received_nonce,my_id_payload,FALSE);
521 authenticator->destroy(authenticator);
522 if (status != SUCCESS)
523 {
524 this->logger->log(this->logger, AUDIT, "Unable to build authentication data for IKE_AUTH reply. Deleting IKE_SA");
525 return DESTROY_ME;
526 }
527
528 response->add_payload(response, (payload_t *)auth_reply);
529 return SUCCESS;
530 }
531
532 /**
533 * Implementation of private_ike_sa_init_responded_t.build_ts_payload.
534 */
535 static status_t build_ts_payload(private_ike_sa_init_responded_t *this, bool ts_initiator, ts_payload_t *request, message_t* response)
536 {
537 linked_list_t *ts_received, *ts_selected;
538 traffic_selector_t *ts;
539 status_t status = SUCCESS;
540 ts_payload_t *ts_response;
541
542 /* build a reply payload with selected traffic selectors */
543 ts_received = request->get_traffic_selectors(request);
544 /* select ts depending on payload type */
545 if (ts_initiator)
546 {
547 ts_selected = this->policy->select_other_traffic_selectors(this->policy, ts_received);
548 this->other_ts = ts_selected;
549 }
550 else
551 {
552 ts_selected = this->policy->select_my_traffic_selectors(this->policy, ts_received);
553 this->my_ts = ts_selected;
554 }
555
556 ts_response = ts_payload_create_from_traffic_selectors(ts_initiator, ts_selected);
557 response->add_payload(response, (payload_t*)ts_response);
558
559 /* add notify if traffic selectors do not match */
560 if (!ts_initiator &&
561 (ts_selected->get_count(ts_selected) == 0 || this->other_ts->get_count(this->other_ts) == 0))
562 {
563 notify_payload_t *notify;
564
565 this->logger->log(this->logger, AUDIT, "IKE_AUTH request did not contain any traffic selectors we accept. "
566 "Adding TS_UNACCEPTABLE notify");
567
568 notify = notify_payload_create_from_protocol_and_type(0, TS_UNACCEPTABLE);
569 response->add_payload(response, (payload_t*)notify);
570 }
571
572 /* cleanup */
573 while (ts_received->remove_last(ts_received, (void**)&ts) == SUCCESS)
574 {
575 ts->destroy(ts);
576 }
577 ts_received->destroy(ts_received);
578
579 return status;
580 }
581
582 static status_t process_notify_payload(private_ike_sa_init_responded_t *this, notify_payload_t *notify_payload)
583 {
584 notify_message_type_t notify_message_type = notify_payload->get_notify_message_type(notify_payload);
585
586 this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s",
587 mapping_find(notify_message_type_m, notify_message_type));
588
589 switch (notify_message_type)
590 {
591 case SET_WINDOW_SIZE:
592 /*
593 * TODO Increase window size.
594 */
595 case INITIAL_CONTACT:
596 /*
597 * TODO Delete existing IKE_SA's with other Identity.
598 */
599 default:
600 {
601 this->logger->log(this->logger, AUDIT, "IKE_AUTH request contained an unknown notify (%d), ignored.", notify_message_type);
602 }
603 }
604
605 return SUCCESS;
606 }
607
608 /**
609 * Implementation of state_t.get_state.
610 */
611 static ike_sa_state_t get_state(private_ike_sa_init_responded_t *this)
612 {
613 return IKE_SA_INIT_RESPONDED;
614 }
615
616 /**
617 * Implementation of state_t.destroy.
618 */
619 static void destroy(private_ike_sa_init_responded_t *this)
620 {
621 chunk_free(&(this->received_nonce));
622 chunk_free(&(this->sent_nonce));
623 chunk_free(&(this->ike_sa_init_response_data));
624 chunk_free(&(this->ike_sa_init_request_data));
625 if (this->my_ts)
626 {
627 traffic_selector_t *ts;
628 while (this->my_ts->remove_last(this->my_ts, (void**)&ts) == SUCCESS)
629 {
630 ts->destroy(ts);
631 }
632 this->my_ts->destroy(this->my_ts);
633 }
634 if (this->other_ts)
635 {
636 traffic_selector_t *ts;
637 while (this->other_ts->remove_last(this->other_ts, (void**)&ts) == SUCCESS)
638 {
639 ts->destroy(ts);
640 }
641 this->other_ts->destroy(this->other_ts);
642 }
643 if (this->child_sa)
644 {
645 this->child_sa->destroy(this->child_sa);
646 }
647
648 free(this);
649 }
650 /**
651 * Implementation of private_ike_sa_init_responded.destroy_after_state_change.
652 */
653 static void destroy_after_state_change(private_ike_sa_init_responded_t *this)
654 {
655 chunk_free(&(this->received_nonce));
656 chunk_free(&(this->sent_nonce));
657 chunk_free(&(this->ike_sa_init_response_data));
658 chunk_free(&(this->ike_sa_init_request_data));
659 if (this->my_ts)
660 {
661 traffic_selector_t *ts;
662 while (this->my_ts->remove_last(this->my_ts, (void**)&ts) == SUCCESS)
663 {
664 ts->destroy(ts);
665 }
666 this->my_ts->destroy(this->my_ts);
667 }
668 if (this->other_ts)
669 {
670 traffic_selector_t *ts;
671 while (this->other_ts->remove_last(this->other_ts, (void**)&ts) == SUCCESS)
672 {
673 ts->destroy(ts);
674 }
675 this->other_ts->destroy(this->other_ts);
676 }
677
678 free(this);
679 }
680
681 /*
682 * Described in header.
683 */
684 ike_sa_init_responded_t *ike_sa_init_responded_create(protected_ike_sa_t *ike_sa, chunk_t received_nonce, chunk_t sent_nonce,chunk_t ike_sa_init_request_data, chunk_t ike_sa_init_response_data)
685 {
686 private_ike_sa_init_responded_t *this = malloc_thing(private_ike_sa_init_responded_t);
687
688 /* interface functions */
689 this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *)) process_message;
690 this->public.state_interface.get_state = (ike_sa_state_t (*) (state_t *)) get_state;
691 this->public.state_interface.destroy = (void (*) (state_t *)) destroy;
692
693 /* private functions */
694 this->build_idr_payload = build_idr_payload;
695 this->build_sa_payload = build_sa_payload;
696 this->build_auth_payload = build_auth_payload;
697 this->build_ts_payload = build_ts_payload;
698 this->process_notify_payload = process_notify_payload;
699 this->destroy_after_state_change = destroy_after_state_change;
700
701 /* private data */
702 this->ike_sa = ike_sa;
703 this->received_nonce = received_nonce;
704 this->sent_nonce = sent_nonce;
705 this->ike_sa_init_response_data = ike_sa_init_response_data;
706 this->ike_sa_init_request_data = ike_sa_init_request_data;
707 this->my_ts = NULL;
708 this->other_ts = NULL;
709 this->child_sa = NULL;
710 this->logger = logger_manager->get_logger(logger_manager, IKE_SA);
711
712 return &(this->public);
713 }