6fce5e07b850afb12bf70f3550e90a902f49cd15
[strongswan.git] / src / charon / sa / transactions / create_child_sa.c
1 /**
2 * @file create_child_sa.c
3 *
4 * @brief Implementation of create_child_sa_t transaction.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #include "create_child_sa.h"
24
25 #include <string.h>
26
27 #include <daemon.h>
28 #include <encoding/payloads/sa_payload.h>
29 #include <encoding/payloads/nonce_payload.h>
30 #include <encoding/payloads/ts_payload.h>
31 #include <sa/child_sa.h>
32 #include <sa/transactions/delete_child_sa.h>
33 #include <utils/randomizer.h>
34
35
36 typedef struct private_create_child_sa_t private_create_child_sa_t;
37
38 /**
39 * Private members of a create_child_sa_t object..
40 */
41 struct private_create_child_sa_t {
42
43 /**
44 * Public methods and transaction_t interface.
45 */
46 create_child_sa_t public;
47
48 /**
49 * Assigned IKE_SA.
50 */
51 ike_sa_t *ike_sa;
52
53 /**
54 * Message sent by our peer, if already generated
55 */
56 message_t *message;
57
58 /**
59 * Message ID this transaction uses
60 */
61 u_int32_t message_id;
62
63 /**
64 * Times we did send the request
65 */
66 u_int32_t requested;
67
68 /**
69 * initiators inbound SPI of the CHILD_SA which gets rekeyed
70 */
71 u_int32_t rekey_spi;
72
73 /**
74 * connection of IKE_SA
75 */
76 connection_t *connection;
77
78 /**
79 * policy definition used
80 */
81 policy_t *policy;
82
83 /**
84 * Negotiated proposal used for CHILD_SA
85 */
86 proposal_t *proposal;
87
88 /**
89 * initiator chosen nonce
90 */
91 chunk_t nonce_i;
92
93 /**
94 * responder chosen nonce
95 */
96 chunk_t nonce_r;
97
98 /**
99 * Negotiated traffic selectors for initiator
100 */
101 linked_list_t *tsi;
102
103 /**
104 * Negotiated traffic selectors for responder
105 */
106 linked_list_t *tsr;
107
108 /**
109 * CHILD_SA created by this transaction
110 */
111 child_sa_t *child_sa;
112
113 /**
114 * CHILD_SA rekeyed if we are rekeying
115 */
116 child_sa_t *rekeyed_sa;
117
118 /**
119 * source of randomness
120 */
121 randomizer_t *randomizer;
122
123 /**
124 * Assigned logger.
125 */
126 logger_t *logger;
127 };
128
129 /**
130 * Implementation of transaction_t.get_message_id.
131 */
132 static u_int32_t get_message_id(private_create_child_sa_t *this)
133 {
134 return this->message_id;
135 }
136
137 /**
138 * Implementation of transaction_t.requested.
139 */
140 static u_int32_t requested(private_create_child_sa_t *this)
141 {
142 return this->requested++;
143 }
144
145 /**
146 * Implementation of transaction_t.rekeys_child.
147 */
148 static void rekeys_child(private_create_child_sa_t *this, child_sa_t *child_sa)
149 {
150 this->rekeyed_sa = child_sa;
151 }
152
153 /**
154 * Implementation of transaction_t.get_request.
155 */
156 static status_t get_request(private_create_child_sa_t *this, message_t **result)
157 {
158 message_t *request;
159 host_t *me, *other;
160
161 /* check if we already have built a message (retransmission) */
162 if (this->message)
163 {
164 *result = this->message;
165 return SUCCESS;
166 }
167
168 this->connection = this->ike_sa->get_connection(this->ike_sa);
169 me = this->connection->get_my_host(this->connection);
170 other = this->connection->get_other_host(this->connection);
171 this->policy = this->ike_sa->get_policy(this->ike_sa);
172
173 /* build the request */
174 request = message_create();
175 request->set_source(request, me->clone(me));
176 request->set_destination(request, other->clone(other));
177 request->set_exchange_type(request, CREATE_CHILD_SA);
178 request->set_request(request, TRUE);
179 request->set_message_id(request, this->message_id);
180 request->set_ike_sa_id(request, this->ike_sa->get_id(this->ike_sa));
181 *result = request;
182 this->message = request;
183
184 { /* build SA payload */
185 sa_payload_t *sa_payload;
186 linked_list_t *proposals;
187 bool use_natt;
188 u_int32_t reqid = 0;
189
190 if (this->rekeyed_sa)
191 {
192 reqid = this->rekeyed_sa->get_reqid(this->rekeyed_sa);
193 }
194
195 proposals = this->policy->get_proposals(this->policy);
196 use_natt = this->ike_sa->is_natt_enabled(this->ike_sa);
197 this->child_sa = child_sa_create(reqid, me, other,
198 this->policy->get_soft_lifetime(this->policy),
199 this->policy->get_hard_lifetime(this->policy),
200 use_natt);
201 if (this->child_sa->alloc(this->child_sa, proposals) != SUCCESS)
202 {
203 this->logger->log(this->logger, ERROR,
204 "could not install CHILD_SA, CHILD_SA creation aborted");
205 return FAILED;
206 }
207 sa_payload = sa_payload_create_from_proposal_list(proposals);
208 request->add_payload(request, (payload_t*)sa_payload);
209 }
210
211 { /* build the NONCE payload for us (initiator) */
212 nonce_payload_t *nonce_payload;
213
214 if (this->randomizer->allocate_pseudo_random_bytes(this->randomizer,
215 NONCE_SIZE, &this->nonce_i) != SUCCESS)
216 {
217 return FAILED;
218 }
219 nonce_payload = nonce_payload_create();
220 nonce_payload->set_nonce(nonce_payload, this->nonce_i);
221 request->add_payload(request, (payload_t*)nonce_payload);
222 }
223
224 { /* build TSi payload */
225 linked_list_t *ts_list;
226 ts_payload_t *ts_payload;
227
228 ts_list = this->policy->get_my_traffic_selectors(this->policy);
229 ts_payload = ts_payload_create_from_traffic_selectors(TRUE, ts_list);
230 request->add_payload(request, (payload_t*)ts_payload);
231 }
232
233 { /* build TSr payload */
234 linked_list_t *ts_list;
235 ts_payload_t *ts_payload;
236
237 ts_list = this->policy->get_other_traffic_selectors(this->policy);
238 ts_payload = ts_payload_create_from_traffic_selectors(FALSE, ts_list);
239 request->add_payload(request, (payload_t*)ts_payload);
240 }
241
242 if (this->rekeyed_sa)
243 { /* add REKEY_SA notify if we are rekeying */
244 notify_payload_t *notify;
245 protocol_id_t protocol;
246
247 protocol = this->rekeyed_sa->get_protocol(this->rekeyed_sa);
248 notify = notify_payload_create_from_protocol_and_type(protocol, REKEY_SA);
249 notify->set_spi(notify, this->rekeyed_sa->get_spi(this->rekeyed_sa, TRUE));
250 request->add_payload(request, (payload_t*)notify);
251
252 /* and mark sa with rekeying-in-progress */
253 this->rekeyed_sa->set_rekeyed(this->rekeyed_sa);
254 }
255
256 return SUCCESS;
257 }
258
259 /**
260 * Handle all kind of notifys
261 */
262 static status_t process_notifys(private_create_child_sa_t *this, notify_payload_t *notify_payload)
263 {
264 notify_type_t notify_type = notify_payload->get_notify_type(notify_payload);
265
266 this->logger->log(this->logger, CONTROL|LEVEL1, "process notify type %s",
267 mapping_find(notify_type_m, notify_type));
268
269 switch (notify_type)
270 {
271 case SINGLE_PAIR_REQUIRED:
272 {
273 this->logger->log(this->logger, AUDIT,
274 "received a SINGLE_PAIR_REQUIRED notify");
275 return FAILED;
276 }
277 case TS_UNACCEPTABLE:
278 {
279 this->logger->log(this->logger, CONTROL,
280 "received TS_UNACCEPTABLE notify");
281 return FAILED;
282 }
283 case NO_PROPOSAL_CHOSEN:
284 {
285 this->logger->log(this->logger, CONTROL,
286 "received NO_PROPOSAL_CHOSEN notify");
287 return FAILED;
288 }
289 case REKEY_SA:
290 {
291 u_int32_t spi;
292 protocol_id_t protocol;
293
294 protocol = notify_payload->get_protocol_id(notify_payload);
295 switch (protocol)
296 {
297 case PROTO_AH:
298 case PROTO_ESP:
299 spi = notify_payload->get_spi(notify_payload);
300 this->rekeyed_sa = this->ike_sa->get_child_sa(this->ike_sa,
301 protocol, spi,
302 FALSE);
303 break;
304 default:
305 break;
306 }
307 return SUCCESS;
308 }
309 default:
310 {
311 if (notify_type < 16383)
312 {
313 this->logger->log(this->logger, AUDIT,
314 "received %s notify error (%d), deleting IKE_SA",
315 mapping_find(notify_type_m, notify_type),
316 notify_type);
317 return FAILED;
318 }
319 else
320 {
321 this->logger->log(this->logger, CONTROL,
322 "received %s notify (%d), ignored",
323 mapping_find(notify_type_m, notify_type),
324 notify_type);
325 return SUCCESS;
326 }
327 }
328 }
329 }
330
331 /**
332 * Build a notify message.
333 */
334 static void build_notify(notify_type_t type, message_t *message, bool flush_message)
335 {
336 notify_payload_t *notify;
337
338 if (flush_message)
339 {
340 payload_t *payload;
341 iterator_t *iterator = message->get_payload_iterator(message);
342 while (iterator->iterate(iterator, (void**)&payload))
343 {
344 payload->destroy(payload);
345 iterator->remove(iterator);
346 }
347 iterator->destroy(iterator);
348 }
349
350 notify = notify_payload_create();
351 notify->set_notify_type(notify, type);
352 message->add_payload(message, (payload_t*)notify);
353 }
354
355 /**
356 * Install a CHILD_SA for usage
357 */
358 static status_t install_child_sa(private_create_child_sa_t *this, bool initiator)
359 {
360 prf_plus_t *prf_plus;
361 chunk_t seed;
362 status_t status;
363
364 seed = chunk_alloc(this->nonce_i.len + this->nonce_r.len);
365 memcpy(seed.ptr, this->nonce_i.ptr, this->nonce_i.len);
366 memcpy(seed.ptr + this->nonce_i.len, this->nonce_r.ptr, this->nonce_r.len);
367 prf_plus = prf_plus_create(this->ike_sa->get_child_prf(this->ike_sa), seed);
368 chunk_free(&seed);
369
370 if (initiator)
371 {
372 status = this->child_sa->update(this->child_sa, this->proposal, prf_plus);
373 }
374 else
375 {
376 status = this->child_sa->add(this->child_sa, this->proposal, prf_plus);
377 }
378 prf_plus->destroy(prf_plus);
379 if (status != SUCCESS)
380 {
381 return DESTROY_ME;
382 }
383 if (initiator)
384 {
385 status = this->child_sa->add_policies(this->child_sa, this->tsi, this->tsr);
386 }
387 else
388 {
389 status = this->child_sa->add_policies(this->child_sa, this->tsr, this->tsi);
390 }
391 if (status != SUCCESS)
392 {
393 return DESTROY_ME;
394 }
395 /* add to IKE_SA, and remove from transaction */
396 this->ike_sa->add_child_sa(this->ike_sa, this->child_sa);
397 this->child_sa = NULL;
398 return SUCCESS;
399 }
400
401 /**
402 * destroy a list of traffic selectors
403 */
404 static void destroy_ts_list(linked_list_t *list)
405 {
406 if (list)
407 {
408 traffic_selector_t *ts;
409 while (list->remove_last(list, (void**)&ts) == SUCCESS)
410 {
411 ts->destroy(ts);
412 }
413 list->destroy(list);
414 }
415 }
416
417 /**
418 * Implementation of transaction_t.get_response.
419 */
420 static status_t get_response(private_create_child_sa_t *this, message_t *request,
421 message_t **result, transaction_t **next)
422 {
423 host_t *me, *other;
424 message_t *response;
425 status_t status;
426 iterator_t *payloads;
427 sa_payload_t *sa_request = NULL;
428 nonce_payload_t *nonce_request = NULL;
429 ts_payload_t *tsi_request = NULL;
430 ts_payload_t *tsr_request = NULL;
431
432 /* check if we already have built a response (retransmission) */
433 if (this->message)
434 {
435 *result = this->message;
436 return SUCCESS;
437 }
438
439 this->connection = this->ike_sa->get_connection(this->ike_sa);
440 me = this->connection->get_my_host(this->connection);
441 other = this->connection->get_other_host(this->connection);
442 this->policy = this->ike_sa->get_policy(this->ike_sa);
443
444 /* set up response */
445 response = message_create();
446 response->set_source(response, me->clone(me));
447 response->set_destination(response, other->clone(other));
448 response->set_exchange_type(response, CREATE_CHILD_SA);
449 response->set_request(response, FALSE);
450 response->set_message_id(response, this->message_id);
451 response->set_ike_sa_id(response, this->ike_sa->get_id(this->ike_sa));
452 this->message = response;
453 *result = response;
454
455 /* check message type */
456 if (request->get_exchange_type(request) != CREATE_CHILD_SA)
457 {
458 this->logger->log(this->logger, ERROR,
459 "CREATE_CHILD_SA response of invalid type, aborted");
460 return FAILED;
461 }
462
463 /* Iterate over all payloads. */
464 payloads = request->get_payload_iterator(request);
465 while (payloads->has_next(payloads))
466 {
467 payload_t *payload;
468 payloads->current(payloads, (void**)&payload);
469 switch (payload->get_type(payload))
470 {
471 case SECURITY_ASSOCIATION:
472 sa_request = (sa_payload_t*)payload;
473 break;
474 case NONCE:
475 nonce_request = (nonce_payload_t*)payload;
476 break;
477 case TRAFFIC_SELECTOR_INITIATOR:
478 tsi_request = (ts_payload_t*)payload;
479 break;
480 case TRAFFIC_SELECTOR_RESPONDER:
481 tsr_request = (ts_payload_t*)payload;
482 break;
483 case NOTIFY:
484 {
485 status = process_notifys(this, (notify_payload_t*)payload);
486 if (status != SUCCESS)
487 {
488 payloads->destroy(payloads);
489 return status;
490 }
491 break;
492 }
493 default:
494 {
495 this->logger->log(this->logger, ERROR, "ignoring %s payload (%d)",
496 mapping_find(payload_type_m, payload->get_type(payload)),
497 payload->get_type(payload));
498 break;
499 }
500 }
501 }
502 payloads->destroy(payloads);
503
504 /* check if we have all payloads */
505 if (!(sa_request && nonce_request && tsi_request && tsr_request))
506 {
507 build_notify(INVALID_SYNTAX, response, TRUE);
508 this->logger->log(this->logger, AUDIT,
509 "request message incomplete, no CHILD_SA created");
510 return FAILED;
511 }
512
513 { /* process nonce payload */
514 nonce_payload_t *nonce_response;
515
516 this->nonce_i = nonce_request->get_nonce(nonce_request);
517 if (this->randomizer->allocate_pseudo_random_bytes(this->randomizer,
518 NONCE_SIZE, &this->nonce_r) != SUCCESS)
519 {
520 build_notify(NO_PROPOSAL_CHOSEN, response, TRUE);
521 return FAILED;
522 }
523 nonce_response = nonce_payload_create();
524 nonce_response->set_nonce(nonce_response, this->nonce_r);
525 response->add_payload(response, (payload_t *)nonce_response);
526 }
527
528 { /* process traffic selectors for other */
529 linked_list_t *ts_received = tsi_request->get_traffic_selectors(tsi_request);
530 this->tsi = this->policy->select_other_traffic_selectors(this->policy, ts_received);
531 destroy_ts_list(ts_received);
532 }
533
534 { /* process traffic selectors for us */
535 linked_list_t *ts_received = ts_received = tsr_request->get_traffic_selectors(tsr_request);
536 this->tsr = this->policy->select_my_traffic_selectors(this->policy, ts_received);
537 destroy_ts_list(ts_received);
538 }
539
540 { /* process SA payload */
541 proposal_t *proposal;
542 linked_list_t *proposal_list;
543 sa_payload_t *sa_response;
544 ts_payload_t *ts_response;
545 bool use_natt;
546 u_int32_t soft_lifetime, hard_lifetime;
547
548 sa_response = sa_payload_create();
549 /* get proposals from request, and select one with ours */
550 proposal_list = sa_request->get_proposals(sa_request);
551 this->logger->log(this->logger, CONTROL|LEVEL1, "selecting proposals:");
552 this->proposal = this->policy->select_proposal(this->policy, proposal_list);
553 /* list is not needed anymore */
554 while (proposal_list->remove_last(proposal_list, (void**)&proposal) == SUCCESS)
555 {
556 proposal->destroy(proposal);
557 }
558 proposal_list->destroy(proposal_list);
559
560 /* do we have a proposal? */
561 if (this->proposal == NULL)
562 {
563 this->logger->log(this->logger, AUDIT,
564 "CHILD_SA proposals unacceptable, adding NO_PROPOSAL_CHOSEN notify");
565 build_notify(NO_PROPOSAL_CHOSEN, response, TRUE);
566 return FAILED;
567 }
568 /* do we have traffic selectors? */
569 else if (this->tsi->get_count(this->tsi) == 0 || this->tsr->get_count(this->tsr) == 0)
570 {
571 this->logger->log(this->logger, AUDIT,
572 "CHILD_SA traffic selectors unacceptable, adding TS_UNACCEPTABLE notify");
573 build_notify(TS_UNACCEPTABLE, response, TRUE);
574 return FAILED;
575 }
576 else
577 { /* create child sa */
578 u_int32_t reqid = 0;
579
580 if (this->rekeyed_sa)
581 {
582 reqid = this->rekeyed_sa->get_reqid(this->rekeyed_sa);
583 }
584 soft_lifetime = this->policy->get_soft_lifetime(this->policy);
585 hard_lifetime = this->policy->get_hard_lifetime(this->policy);
586 use_natt = this->ike_sa->is_natt_enabled(this->ike_sa);
587 this->child_sa = child_sa_create(reqid, me, other,
588 soft_lifetime, hard_lifetime,
589 use_natt);
590 if (install_child_sa(this, FALSE) != SUCCESS)
591 {
592 this->logger->log(this->logger, ERROR,
593 "installing CHILD_SA failed, adding NO_PROPOSAL_CHOSEN notify");
594 build_notify(NO_PROPOSAL_CHOSEN, response, TRUE);
595 return FAILED;
596 }
597 /* add proposal to sa payload */
598 sa_response->add_proposal(sa_response, this->proposal);
599 }
600 response->add_payload(response, (payload_t*)sa_response);
601
602 /* add ts payload after sa payload */
603 ts_response = ts_payload_create_from_traffic_selectors(TRUE, this->tsi);
604 response->add_payload(response, (payload_t*)ts_response);
605 ts_response = ts_payload_create_from_traffic_selectors(FALSE, this->tsr);
606 response->add_payload(response, (payload_t*)ts_response);
607 }
608 /* CHILD_SA successfully created. Now we must check if it rekeys an old one,
609 * and if so, mark the old as rekeyed. It will get deleted from the other
610 * peer. */
611 if (this->rekeyed_sa)
612 {
613 this->rekeyed_sa->set_rekeyed(this->rekeyed_sa);
614 }
615 return SUCCESS;
616 }
617
618 /**
619 * Implementation of transaction_t.conclude
620 */
621 static status_t conclude(private_create_child_sa_t *this, message_t *response,
622 transaction_t **next)
623 {
624 iterator_t *payloads;
625 host_t *me, *other;
626 sa_payload_t *sa_payload = NULL;
627 nonce_payload_t *nonce_payload = NULL;
628 ts_payload_t *tsi_payload = NULL;
629 ts_payload_t *tsr_payload = NULL;
630 status_t status;
631
632 /* check message type */
633 if (response->get_exchange_type(response) != CREATE_CHILD_SA)
634 {
635 this->logger->log(this->logger, ERROR,
636 "CREATE_CHILD_SA response of invalid type, aborting");
637 return FAILED;
638 }
639
640 me = this->connection->get_my_host(this->connection);
641 other = this->connection->get_other_host(this->connection);
642
643 /* Iterate over all payloads to collect them */
644 payloads = response->get_payload_iterator(response);
645 while (payloads->has_next(payloads))
646 {
647 payload_t *payload;
648 payloads->current(payloads, (void**)&payload);
649 switch (payload->get_type(payload))
650 {
651 case SECURITY_ASSOCIATION:
652 sa_payload = (sa_payload_t*)payload;
653 break;
654 case NONCE:
655 nonce_payload = (nonce_payload_t*)payload;
656 break;
657 case TRAFFIC_SELECTOR_INITIATOR:
658 tsi_payload = (ts_payload_t*)payload;
659 break;
660 case TRAFFIC_SELECTOR_RESPONDER:
661 tsr_payload = (ts_payload_t*)payload;
662 break;
663 case NOTIFY:
664 {
665 status = process_notifys(this, (notify_payload_t*)payload);
666 if (status != SUCCESS)
667 {
668 payloads->destroy(payloads);
669 return status;
670 }
671 break;
672 }
673 default:
674 {
675 this->logger->log(this->logger, ERROR, "ignoring %s payload (%d)",
676 mapping_find(payload_type_m, payload->get_type(payload)),
677 payload->get_type(payload));
678 break;
679 }
680 }
681 }
682 payloads->destroy(payloads);
683
684 if (!(sa_payload && nonce_payload && tsi_payload && tsr_payload))
685 {
686 this->logger->log(this->logger, AUDIT, "response message incomplete, no CHILD_SA built");
687 return FAILED;
688 }
689
690 { /* process NONCE payload */
691 this->nonce_r = nonce_payload->get_nonce(nonce_payload);
692 }
693
694 { /* process traffic selectors for us */
695 linked_list_t *ts_received = tsi_payload->get_traffic_selectors(tsi_payload);
696 this->tsi = this->policy->select_my_traffic_selectors(this->policy, ts_received);
697 destroy_ts_list(ts_received);
698 }
699
700 { /* process traffic selectors for other */
701 linked_list_t *ts_received = tsr_payload->get_traffic_selectors(tsr_payload);
702 this->tsr = this->policy->select_other_traffic_selectors(this->policy, ts_received);
703 destroy_ts_list(ts_received);
704 }
705
706 { /* process sa payload */
707 proposal_t *proposal;
708 linked_list_t *proposal_list;
709
710 proposal_list = sa_payload->get_proposals(sa_payload);
711 /* we have to re-check here if other's selection is valid */
712 this->proposal = this->policy->select_proposal(this->policy, proposal_list);
713 /* list not needed anymore */
714 while (proposal_list->remove_last(proposal_list, (void**)&proposal) == SUCCESS)
715 {
716 proposal->destroy(proposal);
717 }
718 proposal_list->destroy(proposal_list);
719
720 /* everything fine to create CHILD? */
721 if (this->proposal == NULL ||
722 this->tsi->get_count(this->tsi) == 0 ||
723 this->tsr->get_count(this->tsr) == 0)
724 {
725 this->logger->log(this->logger, AUDIT,
726 "CHILD_SA creation failed");
727 return FAILED;
728 }
729 if (install_child_sa(this, TRUE) != SUCCESS)
730 {
731 this->logger->log(this->logger, ERROR,
732 "installing CHILD_SA failed, no CHILD_SA built");
733 return FAILED;
734 }
735 }
736 /* CHILD_SA successfully created. If we have rekeyed an old one, delete it */
737 if (this->rekeyed_sa)
738 {
739 delete_child_sa_t *delete_child_sa;
740
741 delete_child_sa = delete_child_sa_create(this->ike_sa,
742 this->message_id + 1);
743 delete_child_sa->set_child_sa(delete_child_sa, this->rekeyed_sa);
744 *next = (transaction_t*)delete_child_sa;
745 }
746 return SUCCESS;
747 }
748
749 /**
750 * implements transaction_t.destroy
751 */
752 static void destroy(private_create_child_sa_t *this)
753 {
754 if (this->message)
755 {
756 this->message->destroy(this->message);
757 }
758 if (this->proposal)
759 {
760 this->proposal->destroy(this->proposal);
761 }
762 if (this->child_sa)
763 {
764 this->child_sa->destroy(this->child_sa);
765 }
766 destroy_ts_list(this->tsi);
767 destroy_ts_list(this->tsr);
768 chunk_free(&this->nonce_i);
769 chunk_free(&this->nonce_r);
770 this->randomizer->destroy(this->randomizer);
771 free(this);
772 }
773
774 /*
775 * Described in header.
776 */
777 create_child_sa_t *create_child_sa_create(ike_sa_t *ike_sa, u_int32_t message_id)
778 {
779 private_create_child_sa_t *this = malloc_thing(private_create_child_sa_t);
780
781 /* transaction interface functions */
782 this->public.transaction.get_request = (status_t(*)(transaction_t*,message_t**))get_request;
783 this->public.transaction.get_response = (status_t(*)(transaction_t*,message_t*,message_t**,transaction_t**))get_response;
784 this->public.transaction.conclude = (status_t(*)(transaction_t*,message_t*,transaction_t**))conclude;
785 this->public.transaction.get_message_id = (u_int32_t(*)(transaction_t*))get_message_id;
786 this->public.transaction.requested = (u_int32_t(*)(transaction_t*))requested;
787 this->public.transaction.destroy = (void(*)(transaction_t*))destroy;
788
789 /* public functions */
790 this->public.rekeys_child = (void(*)(create_child_sa_t*,child_sa_t*))rekeys_child;
791
792 /* private data */
793 this->ike_sa = ike_sa;
794 this->message_id = message_id;
795 this->message = NULL;
796 this->requested = 0;
797 this->rekey_spi = 0;
798 this->nonce_i = CHUNK_INITIALIZER;
799 this->nonce_r = CHUNK_INITIALIZER;
800 this->child_sa = NULL;
801 this->rekeyed_sa = NULL;
802 this->proposal = NULL;
803 this->tsi = NULL;
804 this->tsr = NULL;
805 this->randomizer = randomizer_create();
806 this->logger = logger_manager->get_logger(logger_manager, IKE_SA);
807
808 return &this->public;
809 }