include only source NATD payloads really needed
[strongswan.git] / src / charon / sa / transactions / ike_sa_init.c
1 /**
2 * @file ike_sa_init.c
3 *
4 * @brief Implementation of ike_sa_init_t transaction.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
10 * Copyright (C) 2005-2006 Martin Willi
11 * Copyright (C) 2005 Jan Hutter
12 * Hochschule fuer Technik Rapperswil
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 */
24
25 #include "ike_sa_init.h"
26
27 #include <string.h>
28
29 #include <daemon.h>
30 #include <crypto/diffie_hellman.h>
31 #include <crypto/hashers/hasher.h>
32 #include <encoding/payloads/sa_payload.h>
33 #include <encoding/payloads/ke_payload.h>
34 #include <encoding/payloads/nonce_payload.h>
35 #include <sa/transactions/ike_auth.h>
36 #include <queues/jobs/delete_ike_sa_job.h>
37 #include <queues/jobs/rekey_ike_sa_job.h>
38
39
40 typedef struct private_ike_sa_init_t private_ike_sa_init_t;
41
42 /**
43 * Private members of a ike_sa_init_t object..
44 */
45 struct private_ike_sa_init_t {
46
47 /**
48 * Public methods and transaction_t interface.
49 */
50 ike_sa_init_t public;
51
52 /**
53 * Assigned IKE_SA.
54 */
55 ike_sa_t *ike_sa;
56
57 /**
58 * Message sent by our peer, if already generated
59 */
60 message_t *message;
61
62 /**
63 * Message ID this transaction uses
64 */
65 u_int32_t message_id;
66
67 /**
68 * Times we did send the request
69 */
70 u_int32_t requested;
71
72 /**
73 * Next transaction followed to this one. May be IKE_AUTH,
74 * or a IKE_SA_INIT retry
75 */
76 transaction_t **next;
77
78 /**
79 * Diffie hellman object used to generate public DH value.
80 */
81 diffie_hellman_t *diffie_hellman;
82
83 /**
84 * initiator chosen nonce
85 */
86 chunk_t nonce_i;
87
88 /**
89 * responder chosen nonce
90 */
91 chunk_t nonce_r;
92
93 /**
94 * connection definition used for initiation
95 */
96 connection_t *connection;
97
98 /**
99 * policy definition forwarded to ike_auth transaction
100 */
101 policy_t *policy;
102
103 /**
104 * Negotiated proposal used for IKE_SA
105 */
106 proposal_t *proposal;
107
108 /**
109 * Reqid to pass to IKE_AUTH, used for created CHILD_SA
110 */
111 u_int32_t reqid;
112
113 /**
114 * Unique ID for to enumerate all IKE_SAs in its name
115 */
116 u_int32_t unique_id;
117
118 /**
119 * Randomizer to generate nonces
120 */
121 randomizer_t *randomizer;
122
123 /**
124 * Hasher used to build NAT detection hashes
125 */
126 hasher_t *nat_hasher;
127
128 /**
129 * Precomputed NAT hash for source address
130 */
131 chunk_t natd_src_hash;
132
133 /**
134 * Precomputed NAT hash for destination address
135 */
136 chunk_t natd_dst_hash;
137
138 /**
139 * Did we process any NAT detection notifys for a source address?
140 */
141 bool natd_src_seen;
142
143 /**
144 * Did we process any NAT detection notifys for a destination address?
145 */
146 bool natd_dst_seen;
147
148 /**
149 * Have we found a matching source address NAT hash?
150 */
151 bool natd_src_matched;
152
153 /**
154 * Have we found a matching destination address NAT hash?
155 */
156 bool natd_dst_matched;
157 };
158
159 /**
160 * Implementation of ike_sa_init_t.use_dh_group.
161 */
162 static bool use_dh_group(private_ike_sa_init_t *this, diffie_hellman_group_t dh_group)
163 {
164 if (this->connection->check_dh_group(this->connection, dh_group))
165 {
166 this->diffie_hellman = diffie_hellman_create(dh_group);
167 if (this->diffie_hellman)
168 {
169 return TRUE;
170 }
171 }
172 return FALSE;
173 }
174
175 /**
176 * Implementation of ike_sa_init_t.set_config.
177 */
178 static void set_config(private_ike_sa_init_t *this,
179 connection_t *connection, policy_t *policy)
180 {
181 this->connection = connection;
182 this->policy = policy;
183 }
184
185 /**
186 * Implementation of ike_sa_init_t.set_reqid.
187 */
188 static void set_reqid(private_ike_sa_init_t *this, u_int32_t reqid)
189 {
190 this->reqid = reqid;
191 }
192
193 /**
194 * Implementation of transaction_t.get_message_id.
195 */
196 static u_int32_t get_message_id(private_ike_sa_init_t *this)
197 {
198 return this->message_id;
199 }
200
201 /**
202 * Implementation of transaction_t.requested.
203 */
204 static u_int32_t requested(private_ike_sa_init_t *this)
205 {
206 return this->requested++;
207 }
208
209 /**
210 * Build NAT detection hash for a host
211 */
212 static chunk_t generate_natd_hash(private_ike_sa_init_t *this,
213 ike_sa_id_t * ike_sa_id, host_t *host)
214 {
215 chunk_t natd_chunk, spi_i_chunk, spi_r_chunk, addr_chunk, port_chunk;
216 chunk_t natd_hash;
217 u_int64_t spi_i, spi_r;
218 u_int16_t port;
219
220 /* prepare all requred chunks */
221 spi_i = ike_sa_id->get_initiator_spi(ike_sa_id);
222 spi_r = ike_sa_id->get_responder_spi(ike_sa_id);
223 spi_i_chunk.ptr = (void*)&spi_i;
224 spi_i_chunk.len = sizeof(spi_i);
225 spi_r_chunk.ptr = (void*)&spi_r;
226 spi_r_chunk.len = sizeof(spi_r);
227 port = htons(host->get_port(host));
228 port_chunk.ptr = (void*)&port;
229 port_chunk.len = sizeof(port);
230 addr_chunk = host->get_address(host);
231
232 /* natd_hash = SHA1( spi_i | spi_r | address | port ) */
233 natd_chunk = chunk_cat("cccc", spi_i_chunk, spi_r_chunk, addr_chunk, port_chunk);
234 this->nat_hasher->allocate_hash(this->nat_hasher, natd_chunk, &natd_hash);
235 DBG3(DBG_IKE, "natd_chunk %B", &natd_chunk);
236 DBG3(DBG_IKE, "natd_hash %B", &natd_hash);
237
238 chunk_free(&natd_chunk);
239 return natd_hash;
240 }
241
242 /**
243 * Build a NAT detection notify payload.
244 */
245 static notify_payload_t *build_natd_payload(private_ike_sa_init_t *this,
246 notify_type_t type, host_t *host)
247 {
248 chunk_t hash;
249 notify_payload_t *notify;
250 ike_sa_id_t *ike_sa_id;
251
252 ike_sa_id = this->ike_sa->get_id(this->ike_sa);
253 notify = notify_payload_create();
254 notify->set_notify_type(notify, type);
255 hash = generate_natd_hash(this, ike_sa_id, host);
256 notify->set_notification_data(notify, hash);
257 chunk_free(&hash);
258
259 return notify;
260 }
261
262 /**
263 * Implementation of transaction_t.get_request.
264 */
265 static status_t get_request(private_ike_sa_init_t *this, message_t **result)
266 {
267 message_t *request;
268 host_t *me, *other;
269 identification_t *my_id, *other_id;
270 char name[64];
271
272 /* check if we already have built a message (retransmission) */
273 if (this->message)
274 {
275 *result = this->message;
276 return SUCCESS;
277 }
278
279 me = this->connection->get_my_host(this->connection);
280 other = this->connection->get_other_host(this->connection);
281
282 /* we already set up the IDs. Mine is already fully qualified, other
283 * will be updated in the ike_auth transaction */
284 my_id = this->policy->get_my_id(this->policy);
285 other_id = this->policy->get_other_id(this->policy);
286 this->ike_sa->set_my_id(this->ike_sa, my_id->clone(my_id));
287 this->ike_sa->set_other_id(this->ike_sa, other_id->clone(other_id));
288 if (snprintf(name, sizeof(name), "%s{%d}",
289 this->connection->get_name(this->connection),
290 this->unique_id) > 0)
291 {
292 this->ike_sa->set_name(this->ike_sa, name);
293 }
294
295 /* setting up a IKE_SA implicitly requires setup of a CHILD_SA */
296 SIG(IKE_UP_START, "initiating IKE_SA '%s' between %H[%D]...%H[%D]",
297 this->connection->get_name(this->connection), me, my_id, other, other_id);
298 SIG(CHILD_UP_START, "establishing CHILD_SA '%s' along with IKE_SA",
299 this->policy->get_name(this->policy));
300
301 /* build the request */
302 request = message_create();
303 request->set_source(request, me->clone(me));
304 request->set_destination(request, other->clone(other));
305 request->set_exchange_type(request, IKE_SA_INIT);
306 request->set_request(request, TRUE);
307 request->set_message_id(request, this->message_id);
308 request->set_ike_sa_id(request, this->ike_sa->get_id(this->ike_sa));
309 /* apply for caller */
310 *result = request;
311 /* store for retransmission */
312 this->message = request;
313
314 /* if the DH group is set via use_dh_group(), we already have a DH object */
315 if (!this->diffie_hellman)
316 {
317 diffie_hellman_group_t dh_group;
318
319 dh_group = this->connection->get_dh_group(this->connection);
320 this->diffie_hellman = diffie_hellman_create(dh_group);
321 if (this->diffie_hellman == NULL)
322 {
323 SIG(IKE_UP_FAILED, "DH group %N not supported, aborting",
324 diffie_hellman_group_names, dh_group);
325 SIG(CHILD_UP_FAILED,
326 "initiating CHILD_SA failed, unable to create IKE_SA");
327 return DESTROY_ME;
328 }
329 }
330
331 { /* build the SA payload from proposals */
332 sa_payload_t *sa_payload;
333 linked_list_t *proposal_list;
334
335 proposal_list = this->connection->get_proposals(this->connection);
336 sa_payload = sa_payload_create_from_proposal_list(proposal_list);
337 proposal_list->destroy_offset(proposal_list, offsetof(proposal_t, destroy));
338
339 request->add_payload(request, (payload_t*)sa_payload);
340 }
341
342 { /* build the KE payload from the DH object */
343 ke_payload_t *ke_payload;
344
345 ke_payload = ke_payload_create_from_diffie_hellman(this->diffie_hellman);
346
347 request->add_payload(request, (payload_t*)ke_payload);
348 }
349
350 { /* build the NONCE payload for us (initiator) */
351 nonce_payload_t *nonce_payload;
352
353 if (this->randomizer->allocate_pseudo_random_bytes(this->randomizer,
354 NONCE_SIZE, &this->nonce_i) != SUCCESS)
355 {
356 SIG(IKE_UP_FAILED, "could not generate nonce, aborting");
357 SIG(CHILD_UP_FAILED,
358 "initiating CHILD_SA failed, unable to create IKE_SA");
359 return DESTROY_ME;
360 }
361 nonce_payload = nonce_payload_create();
362 nonce_payload->set_nonce(nonce_payload, this->nonce_i);
363
364 request->add_payload(request, (payload_t*)nonce_payload);
365 }
366
367 { /* build NAT_DETECTION notifys */
368 notify_payload_t *notify;
369 linked_list_t *list;
370 host_t *host;
371
372 /* N(NAT_DETECTION_SOURCE_IP)+
373 * we include only one notify if our address is defined, but all
374 * possible if not */
375 host = this->connection->get_my_host(this->connection);
376 if (host->is_anyaddr(host))
377 {
378 /* TODO: we could get the src address from netlink */
379 list = charon->socket->create_local_address_list(charon->socket);
380 while (list->remove_first(list, (void**)&host) == SUCCESS)
381 {
382 notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host);
383 host->destroy(host);
384 request->add_payload(request, (payload_t*)notify);
385 }
386 list->destroy(list);
387 }
388 else
389 {
390 notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host);
391 request->add_payload(request, (payload_t*)notify);
392 }
393
394 /* N(NAT_DETECTION_DESTINATION_IP) */
395 notify = build_natd_payload(this, NAT_DETECTION_DESTINATION_IP, other);
396 request->add_payload(request, (payload_t*)notify);
397 }
398
399 this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
400 return SUCCESS;
401 }
402
403 /**
404 * Handle all kind of notifys
405 */
406 static status_t process_notifys(private_ike_sa_init_t *this, notify_payload_t *notify_payload)
407 {
408 chunk_t notification_data;
409 notify_type_t notify_type = notify_payload->get_notify_type(notify_payload);
410
411 DBG2(DBG_IKE, "process notify type %N", notify_type_names, notify_type);
412
413 switch (notify_type)
414 {
415 case NO_PROPOSAL_CHOSEN:
416 {
417 SIG(IKE_UP_FAILED,
418 "received a NO_PROPOSAL_CHOSEN notify, deleting IKE_SA");
419 return DESTROY_ME;
420 }
421 case INVALID_MAJOR_VERSION:
422 {
423 SIG(IKE_UP_FAILED,
424 "received a INVALID_MAJOR_VERSION notify, deleting IKE_SA");
425 return DESTROY_ME;
426 }
427 case INVALID_KE_PAYLOAD:
428 {
429 chunk_t notify_data;
430 diffie_hellman_group_t dh_group, old_dh_group;
431 ike_sa_init_t *retry;
432
433 old_dh_group = this->connection->get_dh_group(this->connection);
434 notify_data = notify_payload->get_notification_data(notify_payload);
435 dh_group = ntohs(*((u_int16_t*)notify_data.ptr));
436
437 DBG1(DBG_IKE, "peer didn't accept DH group %N, it requested %N",
438 diffie_hellman_group_names, old_dh_group,
439 diffie_hellman_group_names, dh_group);
440 if (!this->connection->check_dh_group(this->connection, dh_group))
441 {
442 SIG(IKE_UP_FAILED, "DH group %N not acceptable, aborting",
443 diffie_hellman_group_names, dh_group);
444 return DESTROY_ME;
445 }
446 retry = ike_sa_init_create(this->ike_sa);
447 retry->set_config(retry, this->connection, this->policy);
448 this->connection = NULL;
449 this->policy = NULL;
450 retry->use_dh_group(retry, dh_group);
451 *this->next = (transaction_t*)retry;
452 return FAILED;
453 }
454 case NAT_DETECTION_DESTINATION_IP:
455 {
456 this->natd_dst_seen = TRUE;
457 if (this->natd_dst_matched)
458 {
459 return SUCCESS;
460 }
461 notification_data = notify_payload->get_notification_data(notify_payload);
462 if (chunk_equals(notification_data, this->natd_dst_hash))
463 {
464 this->natd_dst_matched = TRUE;
465 DBG2(DBG_IKE, "NAT-D dst hash match");
466 }
467 else
468 {
469 DBG2(DBG_IKE, "NAT-D dst hash mismatch");
470 }
471 return SUCCESS;
472 }
473 case NAT_DETECTION_SOURCE_IP:
474 {
475 this->natd_src_seen = TRUE;;
476 if (this->natd_src_matched)
477 {
478 return SUCCESS;
479 }
480 notification_data = notify_payload->get_notification_data(notify_payload);
481 if (chunk_equals(notification_data, this->natd_src_hash))
482 {
483 this->natd_src_matched = TRUE;
484 DBG2(DBG_IKE, "NAT-D src hash match");
485 }
486 else
487 {
488 DBG2(DBG_IKE, "NAT-D src hash mismatch");
489 }
490 return SUCCESS;
491 }
492 default:
493 {
494 if (notify_type < 16383)
495 {
496 SIG(IKE_UP_FAILED, "received %N notify error, deleting IKE_SA",
497 notify_type_names, notify_type);
498 return DESTROY_ME;
499 }
500 else
501 {
502 DBG1(DBG_IKE, "received %N notify, ignored",
503 notify_type_names, notify_type);
504 return SUCCESS;
505 }
506 }
507 }
508 }
509
510 /**
511 * Implementation of transaction_t.get_response.
512 */
513 static status_t get_response(private_ike_sa_init_t *this,
514 message_t *request, message_t **result,
515 transaction_t **next)
516 {
517 host_t *me, *other;
518 message_t *response;
519 status_t status;
520 iterator_t *payloads;
521 payload_t *payload;
522 sa_payload_t *sa_request = NULL;
523 ke_payload_t *ke_request = NULL;
524 nonce_payload_t *nonce_request = NULL;
525 ike_sa_id_t *ike_sa_id;
526 u_int32_t timeout;
527 char name[64];
528
529 /* check if we already have built a response (retransmission) */
530 if (this->message)
531 {
532 *result = this->message;
533 return SUCCESS;
534 }
535
536 me = request->get_destination(request);
537 other = request->get_source(request);
538 this->message_id = request->get_message_id(request);
539
540 SIG(IKE_UP_START, "establishing IKE_SA between %H...%H", me, other);
541
542 /* set up response */
543 response = message_create();
544 response->set_source(response, me->clone(me));
545 response->set_destination(response, other->clone(other));
546 response->set_exchange_type(response, IKE_SA_INIT);
547 response->set_request(response, FALSE);
548 response->set_message_id(response, this->message_id);
549 response->set_ike_sa_id(response, this->ike_sa->get_id(this->ike_sa));
550 this->message = response;
551 *result = response;
552
553 /* check message type */
554 if (request->get_exchange_type(request) != IKE_SA_INIT)
555 {
556 SIG(IKE_UP_FAILED, "IKE_SA_INIT request of invalid type, deleting IKE_SA");
557 return DESTROY_ME;
558 }
559
560 /* this is the first message to process, find a connection for IKE_SA */
561 this->connection = charon->connections->get_connection_by_hosts(
562 charon->connections, me, other);
563 if (this->connection == NULL)
564 {
565 notify_payload_t *notify = notify_payload_create();
566 notify->set_notify_type(notify, NO_PROPOSAL_CHOSEN);
567 response->add_payload(response, (payload_t*)notify);
568
569 SIG(IKE_UP_FAILED, "no connection for hosts %H...%H found, "
570 "deleting IKE_SA", me, other);
571 return DESTROY_ME;
572 }
573
574 if (snprintf(name, sizeof(name), "%s{%d}",
575 this->connection->get_name(this->connection),
576 this->unique_id) > 0)
577 {
578 this->ike_sa->set_name(this->ike_sa, name);
579 }
580 this->ike_sa->apply_connection(this->ike_sa, this->connection);
581
582 /* Precompute NAT-D hashes for incoming NAT notify comparison */
583 ike_sa_id = request->get_ike_sa_id(request);
584 this->natd_dst_hash = generate_natd_hash(this, ike_sa_id, me);
585 this->natd_src_hash = generate_natd_hash(this, ike_sa_id, other);
586
587 /* Iterate over all payloads. */
588 payloads = request->get_payload_iterator(request);
589 while (payloads->iterate(payloads, (void**)&payload))
590 {
591 switch (payload->get_type(payload))
592 {
593 case SECURITY_ASSOCIATION:
594 sa_request = (sa_payload_t*)payload;
595 break;
596 case KEY_EXCHANGE:
597 ke_request = (ke_payload_t*)payload;
598 break;
599 case NONCE:
600 nonce_request = (nonce_payload_t*)payload;
601 break;
602 case NOTIFY:
603 {
604 status = process_notifys(this, (notify_payload_t*)payload);
605 if (status == FAILED)
606 {
607 payloads->destroy(payloads);
608 /* we return SUCCESS, returned FAILED means do next transaction */
609 return SUCCESS;
610 }
611 if (status == DESTROY_ME)
612 {
613 payloads->destroy(payloads);
614 return DESTROY_ME;
615 }
616 break;
617 }
618 default:
619 {
620 DBG2(DBG_IKE, "ignoring %N payload",
621 payload_type_names, payload->get_type(payload));
622 break;
623 }
624 }
625 }
626 payloads->destroy(payloads);
627
628 /* check if we have all payloads */
629 if (!(sa_request && ke_request && nonce_request))
630 {
631 notify_payload_t *notify = notify_payload_create();
632 notify->set_notify_type(notify, INVALID_SYNTAX);
633 response->add_payload(response, (payload_t*)notify);
634 SIG(IKE_UP_FAILED, "received request message incomplete, deleting IKE_SA");
635 return DESTROY_ME;
636 }
637
638 { /* process SA payload:
639 * -------------------
640 * - extract proposals
641 * - select our most preferred proposal found in extracted
642 * - if no matches, return NO_PROPOSAL_CHOSEN
643 * - add sa payload with selected proposal
644 */
645 sa_payload_t* sa_response;
646 linked_list_t *proposal_list;
647
648 proposal_list = sa_request->get_proposals(sa_request);
649 this->proposal = this->connection->select_proposal(this->connection, proposal_list);
650 proposal_list->destroy_offset(proposal_list, offsetof(proposal_t, destroy));
651 if (this->proposal == NULL)
652 {
653 notify_payload_t *notify = notify_payload_create();
654 notify->set_notify_type(notify, NO_PROPOSAL_CHOSEN);
655 response->add_payload(response, (payload_t*)notify);
656 SIG(IKE_UP_FAILED, "request did not contain any acceptable "
657 "proposals, deleting IKE_SA");
658 return DESTROY_ME;
659 }
660 sa_response = sa_payload_create_from_proposal(this->proposal);
661 response->add_payload(response, (payload_t *)sa_response);
662 }
663
664 { /* process KE payload:
665 * --------------------
666 * - check if used group match the selected proposal
667 * - if not, stop with INVALID_KE_PAYLOAD
668 * - apply others public value to complete diffie hellman exchange
669 * - add our public value to response
670 */
671 diffie_hellman_group_t used_group;
672 ke_payload_t *ke_response;
673
674 used_group = ke_request->get_dh_group_number(ke_request);
675
676 if (!this->connection->check_dh_group(this->connection, used_group) ||
677 (this->diffie_hellman = diffie_hellman_create(used_group)) == NULL)
678 {
679 u_int16_t notify_group;
680 chunk_t notify_chunk;
681 notify_payload_t *notify;
682 iterator_t *iterator;
683 payload_t *payload;
684
685 notify_group = this->connection->get_dh_group(this->connection);
686 SIG(IKE_UP_FAILED, "request used inacceptable DH group %N, sending "
687 "INVALID_KE_PAYLOAD with %N, deleting IKE_SA",
688 diffie_hellman_group_names, used_group,
689 diffie_hellman_group_names, notify_group);
690
691 /* remove already added payloads */
692 iterator = response->get_payload_iterator(response);
693 while (iterator->iterate(iterator, (void**)&payload))
694 {
695 iterator->remove(iterator);
696 payload->destroy(payload);
697 }
698 iterator->destroy(iterator);
699
700 notify_group = htons(notify_group);
701 notify_chunk.ptr = (u_int8_t*)&notify_group;
702 notify_chunk.len = sizeof(notify_group);
703 notify = notify_payload_create();
704 notify->set_notify_type(notify, INVALID_KE_PAYLOAD);
705 notify->set_notification_data(notify, notify_chunk);
706 response->add_payload(response, (payload_t*)notify);
707 return DESTROY_ME;
708 }
709 this->diffie_hellman->set_other_public_value(this->diffie_hellman,
710 ke_request->get_key_exchange_data(ke_request));
711
712 /* build response */
713 ke_response = ke_payload_create_from_diffie_hellman(this->diffie_hellman);
714 response->add_payload(response, (payload_t*)ke_response);
715 }
716
717 { /* process nonce payload:
718 * ----------------------
719 * - get nonce from payload
720 * - generate own nonce and add to reply
721 */
722 nonce_payload_t *nonce_response;
723
724 this->nonce_i = nonce_request->get_nonce(nonce_request);
725
726 /* build response nonce */
727 if (this->randomizer->allocate_pseudo_random_bytes(this->randomizer,
728 NONCE_SIZE, &this->nonce_r) != SUCCESS)
729 {
730 notify_payload_t *notify = notify_payload_create();
731 notify->set_notify_type(notify, NO_PROPOSAL_CHOSEN);
732 response->add_payload(response, (payload_t*)notify);
733 SIG(IKE_UP_FAILED, "could not create nonce, deleting IKE_SA");
734 return DESTROY_ME;
735 }
736 nonce_response = nonce_payload_create();
737 nonce_response->set_nonce(nonce_response, this->nonce_r);
738 response->add_payload(response, (payload_t *)nonce_response);
739 }
740
741 { /* processs NATT stuff:
742 * --------------------
743 * - check if we or other is behind NAT
744 * - enable NATT if so
745 * - build NAT detection notifys for reply
746 */
747 notify_payload_t *notify;
748
749 if ((!this->natd_src_seen && this->natd_dst_seen) ||
750 (this->natd_src_seen && !this->natd_dst_seen))
751 {
752 notify = notify_payload_create();
753 notify->set_notify_type(notify, INVALID_SYNTAX);
754 response->add_payload(response, (payload_t*)notify);
755 SIG(IKE_UP_FAILED, "request contained invalid number of NAT-D"
756 "payloads, deleting IKE_SA");
757 return DESTROY_ME;
758 }
759 if (this->natd_dst_seen && !this->natd_dst_matched)
760 {
761 this->ike_sa->enable_natt(this->ike_sa, TRUE);
762 }
763 if (this->natd_src_seen && !this->natd_src_matched)
764 {
765 this->ike_sa->enable_natt(this->ike_sa, FALSE);
766 }
767 /* build response NAT DETECTION notifys, if remote supports it */
768 if (this->natd_src_seen || this->natd_dst_seen)
769 {
770 /* N(NAT_DETECTION_SOURCE_IP) */
771 notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, me);
772 response->add_payload(response, (payload_t*)notify);
773
774 /* N(NAT_DETECTION_DESTINATION_IP) */
775 notify = build_natd_payload(this, NAT_DETECTION_DESTINATION_IP, other);
776 response->add_payload(response, (payload_t*)notify);
777 }
778 }
779
780 /* derive all the keys used in the IKE_SA */
781 if (this->ike_sa->derive_keys(this->ike_sa, this->proposal,
782 this->diffie_hellman,
783 this->nonce_i, this->nonce_r,
784 FALSE, NULL, NULL) != SUCCESS)
785 {
786 notify_payload_t *notify = notify_payload_create();
787 notify->set_notify_type(notify, NO_PROPOSAL_CHOSEN);
788 response->add_payload(response, (payload_t*)notify);
789 SIG(IKE_UP_FAILED, "error creating transforms from proposal, deleting IKE_SA");
790 return DESTROY_ME;
791 }
792
793 this->ike_sa->set_lifetimes(this->ike_sa,
794 this->connection->get_soft_lifetime(this->connection),
795 this->connection->get_hard_lifetime(this->connection));
796
797 { /* create ike_auth transaction, which will store informations for us */
798 packet_t *response_packet;
799 chunk_t request_chunk, response_chunk;
800 ike_auth_t *ike_auth;
801
802 /* we normally do not generate the message. But we need the generated message
803 * for authentication in the next state, so we do it here. This is not problematic,
804 * as we don't use a crypter/signer in ike_sa_init... */
805 if (response->generate(response, NULL, NULL, &response_packet) != SUCCESS)
806 {
807 SIG(IKE_UP_FAILED, "error in response generation, deleting IKE_SA");
808 return DESTROY_ME;
809 }
810 response_packet->destroy(response_packet);
811 request_chunk = request->get_packet_data(request);
812 response_chunk = response->get_packet_data(response);
813
814 /* create next transaction, for which we except a message */
815 ike_auth = ike_auth_create(this->ike_sa);
816 ike_auth->set_config(ike_auth, this->connection, this->policy);
817 ike_auth->set_reqid(ike_auth, this->reqid);
818 this->connection = NULL;
819 this->policy = NULL;
820 ike_auth->set_nonces(ike_auth,
821 chunk_clone(this->nonce_i),
822 chunk_clone(this->nonce_r));
823 ike_auth->set_init_messages(ike_auth, request_chunk, response_chunk);
824 *next = (transaction_t*)ike_auth;
825 }
826
827 /* everything went fine. Now we set a timeout to destroy half initiated IKE_SAs */
828 timeout = charon->configuration->get_half_open_ike_sa_timeout(charon->configuration);
829 if (timeout)
830 {
831 job_t *job = (job_t*)delete_ike_sa_job_create(
832 this->ike_sa->get_id(this->ike_sa), FALSE);
833 charon->event_queue->add_relative(charon->event_queue, job, timeout);
834 }
835 /* set new state */
836 this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
837
838 return SUCCESS;
839 }
840
841
842 /**
843 * Implementation of transaction_t.conclude
844 */
845 static status_t conclude(private_ike_sa_init_t *this, message_t *response,
846 transaction_t **next)
847 {
848 u_int64_t responder_spi;
849 ike_sa_id_t *ike_sa_id;
850 iterator_t *payloads;
851 payload_t *payload;
852 host_t *me, *other;
853 sa_payload_t *sa_payload = NULL;
854 ke_payload_t *ke_payload = NULL;
855 nonce_payload_t *nonce_payload = NULL;
856 status_t status;
857
858 /* check message type */
859 if (response->get_exchange_type(response) != IKE_SA_INIT)
860 {
861 SIG(IKE_UP_FAILED, "IKE_SA_INIT response of invalid type, deleting IKE_SA");
862 SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
863 return DESTROY_ME;
864 }
865
866 /* allow setting of next transaction in other functions */
867 this->next = next;
868
869 me = this->connection->get_my_host(this->connection);
870 other = this->connection->get_other_host(this->connection);
871
872 /* check if SPI has been updated, but apply only if all goes ok later */
873 responder_spi = response->get_responder_spi(response);
874 if (responder_spi == 0)
875 {
876 SIG(IKE_UP_FAILED, "response contained a SPI of zero, deleting IKE_SA");
877 SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
878 return DESTROY_ME;
879 }
880
881 /* Precompute NAT-D hashes for later comparison */
882 ike_sa_id = response->get_ike_sa_id(response);
883 this->natd_src_hash = generate_natd_hash(this, ike_sa_id, other);
884 this->natd_dst_hash = generate_natd_hash(this, ike_sa_id, me);
885
886 /* Iterate over all payloads to collect them */
887 payloads = response->get_payload_iterator(response);
888 while (payloads->iterate(payloads, (void**)&payload))
889 {
890 switch (payload->get_type(payload))
891 {
892 case SECURITY_ASSOCIATION:
893 {
894 sa_payload = (sa_payload_t*)payload;
895 break;
896 }
897 case KEY_EXCHANGE:
898 {
899 ke_payload = (ke_payload_t*)payload;
900 break;
901 }
902 case NONCE:
903 {
904 nonce_payload = (nonce_payload_t*)payload;
905 break;
906 }
907 case NOTIFY:
908 {
909 status = process_notifys(this, (notify_payload_t*)payload);
910 if (status == FAILED)
911 {
912 payloads->destroy(payloads);
913 /* we return SUCCESS, returned FAILED means do next transaction */
914 return SUCCESS;
915 }
916 if (status == DESTROY_ME)
917 {
918 SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
919 payloads->destroy(payloads);
920 return status;
921 }
922 break;
923 }
924 default:
925 {
926 DBG1(DBG_IKE, "ignoring payload %N",
927 payload_type_names, payload->get_type(payload));
928 break;
929 }
930 }
931 }
932 payloads->destroy(payloads);
933
934 if (!(nonce_payload && sa_payload && ke_payload))
935 {
936 SIG(IKE_UP_FAILED, "response message incomplete, deleting IKE_SA");
937 SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
938 return DESTROY_ME;
939 }
940
941 { /* process SA payload:
942 * -------------------
943 * - get proposals from it
944 * - check if peer selected a proposal
945 * - verify it's selection againts our set
946 */
947 linked_list_t *proposal_list;
948
949 /* get the list of selected proposals, the peer has to select only one proposal */
950 proposal_list = sa_payload->get_proposals (sa_payload);
951 if (proposal_list->get_count(proposal_list) != 1)
952 {
953 SIG(IKE_UP_FAILED, "response did not contain a single proposal, deleting IKE_SA");
954 SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
955 proposal_list->destroy_offset(proposal_list, offsetof(proposal_t, destroy));
956 return DESTROY_ME;
957 }
958
959 /* we have to re-check if the others selection is valid */
960 this->proposal = this->connection->select_proposal(this->connection, proposal_list);
961 proposal_list->destroy_offset(proposal_list, offsetof(proposal_t, destroy));
962
963 if (this->proposal == NULL)
964 {
965 SIG(IKE_UP_FAILED, "peer selected a proposal we did not offer, deleting IKE_SA");
966 SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
967 return DESTROY_ME;
968 }
969 }
970
971 { /* process KE payload:
972 * -------------------
973 * - extract others public value
974 * - complete diffie-hellman exchange
975 */
976 this->diffie_hellman->set_other_public_value(this->diffie_hellman,
977 ke_payload->get_key_exchange_data(ke_payload));
978 }
979
980 { /* process NONCE payload:
981 * ----------------------
982 * - extract nonce used for key derivation */
983 this->nonce_r = nonce_payload->get_nonce(nonce_payload);
984 }
985
986 { /* process NATT stuff:
987 * -------------------
988 * - check if we or other is NATted
989 * - switch to port 4500 if so
990 */
991 if ((!this->natd_dst_seen && this->natd_src_seen) ||
992 (this->natd_dst_seen && !this->natd_src_seen))
993 {
994 SIG(IKE_UP_FAILED, "request contained invalid number of NAT-D payloads, deleting IKE_SA");
995 SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
996 return DESTROY_ME;
997 }
998 if (this->natd_src_seen && !this->natd_src_matched)
999 {
1000 this->ike_sa->enable_natt(this->ike_sa, FALSE);
1001 }
1002 if (this->natd_dst_seen && !this->natd_dst_matched)
1003 {
1004 this->ike_sa->enable_natt(this->ike_sa, TRUE);
1005 }
1006 if (this->ike_sa->is_natt_enabled(this->ike_sa))
1007 {
1008 me = this->ike_sa->get_my_host(this->ike_sa);
1009 me->set_port(me, IKEV2_NATT_PORT);
1010 other = this->ike_sa->get_other_host(this->ike_sa);
1011 other->set_port(other, IKEV2_NATT_PORT);
1012
1013 DBG2(DBG_IKE, "switching to port %d", IKEV2_NATT_PORT);
1014 }
1015 }
1016
1017 /* because we are original initiator we have to update the responder SPI to the new one */
1018 ike_sa_id = this->ike_sa->get_id(this->ike_sa);
1019 ike_sa_id->set_responder_spi(ike_sa_id, responder_spi);
1020
1021 /* derive all the keys used in the IKE_SA */
1022 if (this->ike_sa->derive_keys(this->ike_sa, this->proposal,
1023 this->diffie_hellman,
1024 this->nonce_i, this->nonce_r,
1025 TRUE, NULL, NULL) != SUCCESS)
1026 {
1027 SIG(IKE_UP_FAILED, "error creating transforms from proposal, deleting IKE_SA");
1028 SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
1029 return DESTROY_ME;
1030 }
1031
1032 this->ike_sa->set_lifetimes(this->ike_sa,
1033 this->connection->get_soft_lifetime(this->connection),
1034 this->connection->get_hard_lifetime(this->connection));
1035
1036 { /* create ike_auth transaction, which will continue IKE_SA setup */
1037 chunk_t request_chunk, response_chunk;
1038 ike_auth_t *ike_auth;
1039
1040 request_chunk = this->message->get_packet_data(this->message);
1041 response_chunk = response->get_packet_data(response);
1042
1043 /* create next transaction, for which we except a message */
1044 ike_auth = ike_auth_create(this->ike_sa);
1045 ike_auth->set_config(ike_auth, this->connection, this->policy);
1046 ike_auth->set_reqid(ike_auth, this->reqid);
1047 this->connection = NULL;
1048 this->policy = NULL;
1049 ike_auth->set_nonces(ike_auth,
1050 chunk_clone(this->nonce_i),
1051 chunk_clone(this->nonce_r));
1052 ike_auth->set_init_messages(ike_auth, request_chunk, response_chunk);
1053 *next = (transaction_t*)ike_auth;
1054 }
1055
1056 return SUCCESS;
1057 }
1058
1059 static void destroy(private_ike_sa_init_t *this)
1060 {
1061 DESTROY_IF(this->message);
1062 DESTROY_IF(this->diffie_hellman);
1063 DESTROY_IF(this->proposal);
1064 DESTROY_IF(this->connection);
1065 DESTROY_IF(this->policy);
1066 chunk_free(&this->nonce_i);
1067 chunk_free(&this->nonce_r);
1068 this->randomizer->destroy(this->randomizer);
1069 this->nat_hasher->destroy(this->nat_hasher);
1070 chunk_free(&this->natd_src_hash);
1071 chunk_free(&this->natd_dst_hash);
1072 free(this);
1073 }
1074
1075 /*
1076 * Described in header.
1077 */
1078 ike_sa_init_t *ike_sa_init_create(ike_sa_t *ike_sa)
1079 {
1080 static u_int unique_id = 0;
1081 private_ike_sa_init_t *this = malloc_thing(private_ike_sa_init_t);
1082
1083 /* transaction interface functions */
1084 this->public.transaction.get_request = (status_t(*)(transaction_t*,message_t**))get_request;
1085 this->public.transaction.get_response = (status_t(*)(transaction_t*,message_t*,message_t**,transaction_t**))get_response;
1086 this->public.transaction.conclude = (status_t(*)(transaction_t*,message_t*,transaction_t**))conclude;
1087 this->public.transaction.get_message_id = (u_int32_t(*)(transaction_t*))get_message_id;
1088 this->public.transaction.requested = (u_int32_t(*)(transaction_t*))requested;
1089 this->public.transaction.destroy = (void(*)(transaction_t*))destroy;
1090
1091 /* public functions */
1092 this->public.set_config = (void(*)(ike_sa_init_t*,connection_t*,policy_t*))set_config;
1093 this->public.set_reqid = (void(*)(ike_sa_init_t*,u_int32_t))set_reqid;
1094 this->public.use_dh_group = (bool(*)(ike_sa_init_t*,diffie_hellman_group_t))use_dh_group;
1095
1096 /* private data */
1097 this->ike_sa = ike_sa;
1098 this->message_id = 0;
1099 this->message = NULL;
1100 this->requested = 0;
1101 this->diffie_hellman = NULL;
1102 this->nonce_i = CHUNK_INITIALIZER;
1103 this->nonce_r = CHUNK_INITIALIZER;
1104 this->connection = NULL;
1105 this->policy = NULL;
1106 this->proposal = NULL;
1107 this->unique_id = ++unique_id;
1108 this->reqid = 0;
1109 this->randomizer = randomizer_create();
1110 this->nat_hasher = hasher_create(HASH_SHA1);
1111 this->natd_src_hash = CHUNK_INITIALIZER;
1112 this->natd_dst_hash = CHUNK_INITIALIZER;
1113 this->natd_src_seen = FALSE;
1114 this->natd_dst_seen = FALSE;
1115 this->natd_src_matched = FALSE;
1116 this->natd_dst_matched = FALSE;
1117
1118 return &this->public;
1119 }