dbdc0c07e046c22e135b5c65bc2ac8ac660d2b20
[strongswan.git] / src / libcharon / sa / tasks / main_mode.c
1 /*
2 * Copyright (C) 2011 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * Copyright (C) 2011 Martin Willi
6 * Copyright (C) 2011 revosec AG
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 #include "main_mode.h"
20
21 #include <string.h>
22
23 #include <daemon.h>
24 #include <sa/keymat_v1.h>
25 #include <crypto/diffie_hellman.h>
26 #include <encoding/payloads/sa_payload.h>
27 #include <encoding/payloads/ke_payload.h>
28 #include <encoding/payloads/nonce_payload.h>
29 #include <encoding/payloads/id_payload.h>
30 #include <encoding/payloads/hash_payload.h>
31 #include <sa/tasks/xauth.h>
32 #include <sa/tasks/mode_config.h>
33
34 typedef struct private_main_mode_t private_main_mode_t;
35
36 /**
37 * Private members of a main_mode_t task.
38 */
39 struct private_main_mode_t {
40
41 /**
42 * Public methods and task_t interface.
43 */
44 main_mode_t public;
45
46 /**
47 * Assigned IKE_SA.
48 */
49 ike_sa_t *ike_sa;
50
51 /**
52 * Are we the initiator?
53 */
54 bool initiator;
55
56 /**
57 * IKE config to establish
58 */
59 ike_cfg_t *ike_cfg;
60
61 /**
62 * Peer config to use
63 */
64 peer_cfg_t *peer_cfg;
65
66 /**
67 * Local authentication configuration
68 */
69 auth_cfg_t *my_auth;
70
71 /**
72 * Remote authentication configuration
73 */
74 auth_cfg_t *other_auth;
75
76 /**
77 * selected IKE proposal
78 */
79 proposal_t *proposal;
80
81 /**
82 * DH exchange
83 */
84 diffie_hellman_t *dh;
85
86 /**
87 * Keymat derivation (from SA)
88 */
89 keymat_v1_t *keymat;
90
91 /**
92 * Received public DH value from peer
93 */
94 chunk_t dh_value;
95
96 /**
97 * Initiators nonce
98 */
99 chunk_t nonce_i;
100
101 /**
102 * Responder nonce
103 */
104 chunk_t nonce_r;
105
106 /**
107 * Encoded SA initiator payload used for authentication
108 */
109 chunk_t sa_payload;
110
111 /**
112 * Negotiated SA lifetime
113 */
114 u_int32_t lifetime;
115
116 /**
117 * Negotiated authentication method
118 */
119 auth_method_t auth_method;
120
121 /**
122 * Authenticator to use
123 */
124 authenticator_t *authenticator;
125
126 /**
127 * Notify type in case of error
128 */
129 notify_type_t notify_type;
130
131 /**
132 * Notify data in case of error
133 */
134 chunk_t notify_data;
135
136 /** states of main mode */
137 enum {
138 MM_INIT,
139 MM_SA,
140 MM_KE,
141 MM_AUTH,
142 } state;
143 };
144
145 /**
146 * Get the first authentcation config from peer config
147 */
148 static auth_cfg_t *get_auth_cfg(private_main_mode_t *this, bool local)
149 {
150 enumerator_t *enumerator;
151 auth_cfg_t *cfg = NULL;
152
153 enumerator = this->peer_cfg->create_auth_cfg_enumerator(this->peer_cfg,
154 local);
155 enumerator->enumerate(enumerator, &cfg);
156 enumerator->destroy(enumerator);
157 return cfg;
158 }
159
160 /**
161 * Save the encoded SA payload of a message
162 */
163 static bool save_sa_payload(private_main_mode_t *this, message_t *message)
164 {
165 enumerator_t *enumerator;
166 payload_t *payload, *sa = NULL;
167 chunk_t data;
168 size_t offset = IKE_HEADER_LENGTH;
169
170 enumerator = message->create_payload_enumerator(message);
171 while (enumerator->enumerate(enumerator, &payload))
172 {
173 if (payload->get_type(payload) == SECURITY_ASSOCIATION_V1)
174 {
175 sa = payload;
176 break;
177 }
178 else
179 {
180 offset += payload->get_length(payload);
181 }
182 }
183 enumerator->destroy(enumerator);
184
185 data = message->get_packet_data(message);
186 if (sa && data.len >= offset + sa->get_length(sa))
187 {
188 /* Get SA payload without 4 byte fixed header */
189 data = chunk_skip(data, offset);
190 data.len = sa->get_length(sa);
191 data = chunk_skip(data, 4);
192 this->sa_payload = chunk_clone(data);
193 return TRUE;
194 }
195 return FALSE;
196 }
197
198 /**
199 * Generate and add NONCE, KE payload
200 */
201 static bool add_nonce_ke(private_main_mode_t *this, chunk_t *nonce,
202 message_t *message)
203 {
204 nonce_payload_t *nonce_payload;
205 ke_payload_t *ke_payload;
206 rng_t *rng;
207
208 ke_payload = ke_payload_create_from_diffie_hellman(KEY_EXCHANGE_V1,
209 this->dh);
210 message->add_payload(message, &ke_payload->payload_interface);
211
212 rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
213 if (!rng)
214 {
215 DBG1(DBG_IKE, "no RNG found to create nonce");
216 return FALSE;
217 }
218 rng->allocate_bytes(rng, NONCE_SIZE, nonce);
219 rng->destroy(rng);
220
221 nonce_payload = nonce_payload_create(NONCE_V1);
222 nonce_payload->set_nonce(nonce_payload, *nonce);
223 message->add_payload(message, &nonce_payload->payload_interface);
224
225 return TRUE;
226 }
227
228 /**
229 * Extract nonce from NONCE payload, process KE payload
230 */
231 static bool get_nonce_ke(private_main_mode_t *this, chunk_t *nonce,
232 message_t *message)
233 {
234 nonce_payload_t *nonce_payload;
235 ke_payload_t *ke_payload;
236
237 ke_payload = (ke_payload_t*)message->get_payload(message, KEY_EXCHANGE_V1);
238 if (!ke_payload)
239 {
240 DBG1(DBG_IKE, "KE payload missing in message");
241 return FALSE;
242 }
243 this->dh_value = chunk_clone(ke_payload->get_key_exchange_data(ke_payload));
244 this->dh->set_other_public_value(this->dh, this->dh_value);
245
246 nonce_payload = (nonce_payload_t*)message->get_payload(message, NONCE_V1);
247 if (!nonce_payload)
248 {
249 DBG1(DBG_IKE, "NONCE payload missing in message");
250 return FALSE;
251 }
252 *nonce = nonce_payload->get_nonce(nonce_payload);
253
254 return TRUE;
255 }
256
257 /**
258 * Get the two auth classes from local or remote config
259 */
260 static void get_auth_class(peer_cfg_t *peer_cfg, bool local,
261 auth_class_t *c1, auth_class_t *c2)
262 {
263 enumerator_t *enumerator;
264 auth_cfg_t *auth;
265
266 *c1 = *c2 = AUTH_CLASS_ANY;
267
268 enumerator = peer_cfg->create_auth_cfg_enumerator(peer_cfg, local);
269 while (enumerator->enumerate(enumerator, &auth))
270 {
271 if (*c1 == AUTH_CLASS_ANY)
272 {
273 *c1 = (uintptr_t)auth->get(auth, AUTH_RULE_AUTH_CLASS);
274 }
275 else
276 {
277 *c2 = (uintptr_t)auth->get(auth, AUTH_RULE_AUTH_CLASS);
278 break;
279 }
280 }
281 enumerator->destroy(enumerator);
282 }
283
284 /**
285 * Get auth method to use from a peer config
286 */
287 static auth_method_t get_auth_method(private_main_mode_t *this,
288 peer_cfg_t *peer_cfg)
289 {
290 auth_class_t i1, i2, r1, r2;
291
292 get_auth_class(peer_cfg, this->initiator, &i1, &i2);
293 get_auth_class(peer_cfg, !this->initiator, &r1, &r2);
294
295 if (i1 == AUTH_CLASS_PUBKEY && r1 == AUTH_CLASS_PUBKEY)
296 {
297 if (i2 == AUTH_CLASS_ANY && r2 == AUTH_CLASS_ANY)
298 {
299 /* TODO-IKEv1: ECDSA? */
300 return AUTH_RSA;
301 }
302 if (i2 == AUTH_CLASS_XAUTH)
303 {
304 return AUTH_XAUTH_INIT_RSA;
305 }
306 if (r2 == AUTH_CLASS_XAUTH)
307 {
308 return AUTH_XAUTH_RESP_RSA;
309 }
310 }
311 if (i1 == AUTH_CLASS_PSK && r1 == AUTH_CLASS_PSK)
312 {
313 if (i2 == AUTH_CLASS_ANY && r2 == AUTH_CLASS_ANY)
314 {
315 return AUTH_PSK;
316 }
317 if (i2 == AUTH_CLASS_XAUTH)
318 {
319 return AUTH_XAUTH_INIT_PSK;
320 }
321 if (r2 == AUTH_CLASS_XAUTH)
322 {
323 return AUTH_XAUTH_RESP_PSK;
324 }
325 }
326 /* TODO-IKEv1: Hybrid methods? */
327 return AUTH_NONE;;
328 }
329
330 /**
331 * Select the best configuration as responder
332 */
333 static peer_cfg_t *select_config(private_main_mode_t *this, identification_t *id)
334 {
335 enumerator_t *enumerator;
336 peer_cfg_t *current, *found = NULL;
337
338 enumerator = charon->backends->create_peer_cfg_enumerator(charon->backends,
339 this->ike_sa->get_my_host(this->ike_sa),
340 this->ike_sa->get_other_host(this->ike_sa), NULL, id);
341 while (enumerator->enumerate(enumerator, &current))
342 {
343 if (get_auth_method(this, current) == this->auth_method)
344 {
345 found = current->get_ref(current);
346 break;
347 }
348 }
349 enumerator->destroy(enumerator);
350
351 return found;
352 }
353
354 /**
355 * Check for notify errors, return TRUE if error found
356 */
357 static bool has_notify_errors(private_main_mode_t *this, message_t *message)
358 {
359 enumerator_t *enumerator;
360 payload_t *payload;
361 bool err = FALSE;
362
363 enumerator = message->create_payload_enumerator(message);
364 while (enumerator->enumerate(enumerator, &payload))
365 {
366 if (payload->get_type(payload) == NOTIFY_V1)
367 {
368 notify_payload_t *notify;
369 notify_type_t type;
370
371 notify = (notify_payload_t*)payload;
372 type = notify->get_notify_type(notify);
373 if (type < 16384)
374 {
375 DBG1(DBG_IKE, "received %N error notify",
376 notify_type_names, type);
377 err = TRUE;
378 }
379 else if (type == INITIAL_CONTACT_IKEV1)
380 {
381 if (!this->initiator && this->state == MM_AUTH)
382 {
383 /* If authenticated and received INITIAL_CONTACT,
384 * delete any existing IKE_SAs with that peer.
385 * The delete takes place when the SA is checked in due
386 * to other id not known until the 3rd message.*/
387 this->ike_sa->set_condition(this->ike_sa, COND_INIT_CONTACT_SEEN, TRUE);
388 }
389 }
390 else
391 {
392 DBG1(DBG_IKE, "received %N notify", notify_type_names, type);
393 }
394 }
395 }
396 enumerator->destroy(enumerator);
397
398 return err;
399 }
400
401 METHOD(task_t, build_notify_error, status_t,
402 private_main_mode_t *this, message_t *message)
403 {
404 notify_payload_t *notify;
405 ike_sa_id_t *ike_sa_id;
406 chunk_t spi;
407 u_int64_t spi_i, spi_r;
408
409 notify = notify_payload_create_from_protocol_and_type(NOTIFY_V1,
410 PROTO_IKE, this->notify_type);
411
412 if (this->notify_data.ptr)
413 {
414 notify->set_notification_data(notify, this->notify_data);
415 }
416
417 ike_sa_id = this->ike_sa->get_id(this->ike_sa);
418
419 spi_i = ike_sa_id->get_initiator_spi(ike_sa_id);
420 spi_r = ike_sa_id->get_responder_spi(ike_sa_id);
421
422 spi = chunk_cata("cc", chunk_from_thing(spi_i), chunk_from_thing(spi_r));
423
424 notify->set_spi_data(notify, spi);
425
426 message->add_payload(message, (payload_t*)notify);
427
428 return SUCCESS;
429 }
430
431 /**
432 * Set the task ready to build notify error message
433 */
434 static status_t set_notify_error(private_main_mode_t *this,
435 notify_type_t type, chunk_t data)
436 {
437 this->notify_type = type;
438 this->notify_data = data;
439 /* The task will be destroyed after build */
440 this->public.task.build = _build_notify_error;
441 return FAILED_SEND_ERROR;
442 }
443
444 METHOD(task_t, build_i, status_t,
445 private_main_mode_t *this, message_t *message)
446 {
447 switch (this->state)
448 {
449 case MM_INIT:
450 {
451 sa_payload_t *sa_payload;
452 linked_list_t *proposals;
453 packet_t *packet;
454
455 this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
456 DBG0(DBG_IKE, "initiating IKE_SA %s[%d] to %H",
457 this->ike_sa->get_name(this->ike_sa),
458 this->ike_sa->get_unique_id(this->ike_sa),
459 this->ike_sa->get_other_host(this->ike_sa));
460 this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
461
462 this->peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
463 this->peer_cfg->get_ref(this->peer_cfg);
464
465 this->my_auth = get_auth_cfg(this, TRUE);
466 this->other_auth = get_auth_cfg(this, FALSE);
467 if (!this->my_auth || !this->other_auth)
468 {
469 DBG1(DBG_CFG, "no auth config found");
470 return FAILED;
471 }
472 this->auth_method = get_auth_method(this, this->peer_cfg);
473 if (this->auth_method == AUTH_NONE)
474 {
475 DBG1(DBG_CFG, "configuration uses unsupported authentication");
476 return FAILED;
477 }
478 this->lifetime = this->peer_cfg->get_reauth_time(this->peer_cfg,
479 FALSE);
480 if (!this->lifetime)
481 { /* fall back to rekey time of no rekey time configured */
482 this->lifetime = this->peer_cfg->get_rekey_time(this->peer_cfg,
483 FALSE);
484 }
485 proposals = this->ike_cfg->get_proposals(this->ike_cfg);
486 sa_payload = sa_payload_create_from_proposals_v1(proposals,
487 this->lifetime, 0, this->auth_method, MODE_NONE, FALSE);
488 proposals->destroy_offset(proposals, offsetof(proposal_t, destroy));
489
490 message->add_payload(message, &sa_payload->payload_interface);
491
492 /* pregenerate message to store SA payload */
493 if (this->ike_sa->generate_message(this->ike_sa, message,
494 &packet) != SUCCESS)
495 {
496 DBG1(DBG_IKE, "pregenerating SA payload failed");
497 return FAILED;
498 }
499 packet->destroy(packet);
500 if (!save_sa_payload(this, message))
501 {
502 DBG1(DBG_IKE, "SA payload invalid");
503 return FAILED;
504 }
505
506 this->state = MM_SA;
507 return NEED_MORE;
508 }
509 case MM_SA:
510 {
511 u_int16_t group;
512
513 if (!this->keymat->create_hasher(this->keymat, this->proposal))
514 {
515 return FAILED;
516 }
517 if (!this->proposal->get_algorithm(this->proposal,
518 DIFFIE_HELLMAN_GROUP, &group, NULL))
519 {
520 DBG1(DBG_IKE, "DH group selection failed");
521 return FAILED;
522 }
523 this->dh = this->keymat->keymat.create_dh(&this->keymat->keymat,
524 group);
525 if (!this->dh)
526 {
527 DBG1(DBG_IKE, "negotiated DH group not supported");
528 return FAILED;
529 }
530 if (!add_nonce_ke(this, &this->nonce_i, message))
531 {
532 return FAILED;
533 }
534 this->state = MM_KE;
535 return NEED_MORE;
536 }
537 case MM_KE:
538 {
539 id_payload_t *id_payload;
540 identification_t *id;
541
542 id = this->my_auth->get(this->my_auth, AUTH_RULE_IDENTITY);
543 if (!id)
544 {
545 DBG1(DBG_CFG, "own identity not known");
546 return FAILED;
547 }
548
549 this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
550
551 id_payload = id_payload_create_from_identification(ID_V1, id);
552 message->add_payload(message, &id_payload->payload_interface);
553
554 if (this->authenticator->build(this->authenticator,
555 message) != SUCCESS)
556 {
557 return FAILED;
558 }
559 this->state = MM_AUTH;
560 return NEED_MORE;
561 }
562 default:
563 return FAILED;
564 }
565 }
566
567 METHOD(task_t, process_r, status_t,
568 private_main_mode_t *this, message_t *message)
569 {
570 switch (this->state)
571 {
572 case MM_INIT:
573 {
574 linked_list_t *list;
575 sa_payload_t *sa_payload;
576
577 this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
578 DBG0(DBG_IKE, "%H is initiating a Main Mode",
579 message->get_source(message));
580 this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
581
582 this->ike_sa->update_hosts(this->ike_sa,
583 message->get_destination(message),
584 message->get_source(message), TRUE);
585
586 sa_payload = (sa_payload_t*)message->get_payload(message,
587 SECURITY_ASSOCIATION_V1);
588 if (!sa_payload || !save_sa_payload(this, message))
589 {
590 DBG1(DBG_IKE, "SA payload missing or invalid");
591 return FAILED;
592 }
593
594 list = sa_payload->get_proposals(sa_payload);
595 this->proposal = this->ike_cfg->select_proposal(this->ike_cfg,
596 list, FALSE);
597 list->destroy_offset(list, offsetof(proposal_t, destroy));
598 if (!this->proposal)
599 {
600 DBG1(DBG_IKE, "no proposal found");
601 return set_notify_error(this, NO_PROPOSAL_CHOSEN, chunk_empty);
602 }
603
604 this->auth_method = sa_payload->get_auth_method(sa_payload);
605 this->lifetime = sa_payload->get_lifetime(sa_payload);
606
607 this->state = MM_SA;
608 return NEED_MORE;
609 }
610 case MM_SA:
611 {
612 u_int16_t group;
613
614 if (!this->keymat->create_hasher(this->keymat, this->proposal))
615 {
616 return FAILED;
617 }
618 if (!this->proposal->get_algorithm(this->proposal,
619 DIFFIE_HELLMAN_GROUP, &group, NULL))
620 {
621 DBG1(DBG_IKE, "DH group selection failed");
622 return FAILED;
623 }
624 this->dh = lib->crypto->create_dh(lib->crypto, group);
625 if (!this->dh)
626 {
627 DBG1(DBG_IKE, "negotiated DH group not supported");
628 return FAILED;
629 }
630 if (!get_nonce_ke(this, &this->nonce_i, message))
631 {
632 return FAILED;
633 }
634 this->state = MM_KE;
635 return NEED_MORE;
636 }
637 case MM_KE:
638 {
639 id_payload_t *id_payload;
640 identification_t *id;
641
642 id_payload = (id_payload_t*)message->get_payload(message, ID_V1);
643 if (!id_payload)
644 {
645 DBG1(DBG_IKE, "IDii payload missing");
646 return FAILED;
647 }
648
649 id = id_payload->get_identification(id_payload);
650 this->ike_sa->set_other_id(this->ike_sa, id);
651 this->peer_cfg = select_config(this, id);
652 if (!this->peer_cfg)
653 {
654 DBG1(DBG_IKE, "no peer config found");
655 return set_notify_error(this, AUTHENTICATION_FAILED, chunk_empty);
656 }
657 this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg);
658
659 this->my_auth = get_auth_cfg(this, TRUE);
660 this->other_auth = get_auth_cfg(this, FALSE);
661 if (!this->my_auth || !this->other_auth)
662 {
663 DBG1(DBG_IKE, "auth config missing");
664 return set_notify_error(this, AUTHENTICATION_FAILED, chunk_empty);
665 }
666
667 if (this->authenticator->process(this->authenticator,
668 message) != SUCCESS)
669 {
670 return set_notify_error(this, AUTHENTICATION_FAILED, chunk_empty);
671 }
672 this->state = MM_AUTH;
673
674 if (has_notify_errors(this, message))
675 {
676 return FAILED;
677 }
678 return NEED_MORE;
679 }
680 default:
681 return FAILED;
682 }
683 }
684
685 /**
686 * Lookup a shared secret for this IKE_SA
687 */
688 static shared_key_t *lookup_shared_key(private_main_mode_t *this)
689 {
690 host_t *me, *other;
691 identification_t *my_id, *other_id;
692 shared_key_t *shared_key;
693
694 me = this->ike_sa->get_my_host(this->ike_sa);
695 other = this->ike_sa->get_other_host(this->ike_sa);
696 my_id = identification_create_from_sockaddr(me->get_sockaddr(me));
697 other_id = identification_create_from_sockaddr(other->get_sockaddr(other));
698 if (!my_id || !other_id)
699 {
700 DESTROY_IF(my_id);
701 DESTROY_IF(other_id);
702 return NULL;
703 }
704 shared_key = lib->credmgr->get_shared(lib->credmgr, SHARED_IKE, my_id,
705 other_id);
706 if (!shared_key)
707 {
708 DBG1(DBG_IKE, "no shared key found for %H - %H", me, other);
709 }
710 my_id->destroy(my_id);
711 other_id->destroy(other_id);
712 return shared_key;
713 }
714
715 /**
716 * Derive key material for this IKE_SA
717 */
718 static bool derive_keys(private_main_mode_t *this, chunk_t nonce_i,
719 chunk_t nonce_r)
720 {
721 ike_sa_id_t *id = this->ike_sa->get_id(this->ike_sa);
722 shared_key_t *shared_key = NULL;
723
724 switch (this->auth_method)
725 {
726 case AUTH_PSK:
727 case AUTH_XAUTH_INIT_PSK:
728 case AUTH_XAUTH_RESP_PSK:
729 shared_key = lookup_shared_key(this);
730 break;
731 default:
732 break;
733 }
734 if (!this->keymat->derive_ike_keys(this->keymat, this->proposal, this->dh,
735 this->dh_value, nonce_i, nonce_r, id, this->auth_method, shared_key))
736 {
737 DESTROY_IF(shared_key);
738 DBG1(DBG_IKE, "key derivation for %N failed",
739 auth_method_names, this->auth_method);
740 return FALSE;
741 }
742 DESTROY_IF(shared_key);
743 charon->bus->ike_keys(charon->bus, this->ike_sa, this->dh, nonce_i, nonce_r,
744 NULL);
745
746 this->authenticator = authenticator_create_v1(this->ike_sa, this->initiator,
747 this->auth_method, this->dh,
748 this->dh_value, this->sa_payload);
749 if (!this->authenticator)
750 {
751 DBG1(DBG_IKE, "negotiated authentication method %N not supported",
752 auth_method_names, this->auth_method);
753 return FALSE;
754 }
755 return TRUE;
756 }
757
758 /**
759 * Set IKE_SA to established state
760 */
761 static void establish(private_main_mode_t *this)
762 {
763 DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]",
764 this->ike_sa->get_name(this->ike_sa),
765 this->ike_sa->get_unique_id(this->ike_sa),
766 this->ike_sa->get_my_host(this->ike_sa),
767 this->ike_sa->get_my_id(this->ike_sa),
768 this->ike_sa->get_other_host(this->ike_sa),
769 this->ike_sa->get_other_id(this->ike_sa));
770
771 this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
772 charon->bus->ike_updown(charon->bus, this->ike_sa, TRUE);
773 }
774
775 METHOD(task_t, build_r, status_t,
776 private_main_mode_t *this, message_t *message)
777 {
778 switch (this->state)
779 {
780 case MM_SA:
781 {
782 sa_payload_t *sa_payload;
783
784 sa_payload = sa_payload_create_from_proposal_v1(this->proposal,
785 this->lifetime, 0, this->auth_method, MODE_NONE, FALSE);
786 message->add_payload(message, &sa_payload->payload_interface);
787
788 return NEED_MORE;
789 }
790 case MM_KE:
791 {
792 if (!add_nonce_ke(this, &this->nonce_r, message))
793 {
794 return FAILED;
795 }
796 if (!derive_keys(this, this->nonce_i, this->nonce_r))
797 {
798 return FAILED;
799 }
800 return NEED_MORE;
801 }
802 case MM_AUTH:
803 {
804 id_payload_t *id_payload;
805 identification_t *id;
806
807 id = this->my_auth->get(this->my_auth, AUTH_RULE_IDENTITY);
808 if (!id)
809 {
810 DBG1(DBG_CFG, "own identity not known");
811 return FAILED;
812 }
813
814 this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
815
816 id_payload = id_payload_create_from_identification(ID_V1, id);
817 message->add_payload(message, &id_payload->payload_interface);
818
819 if (this->authenticator->build(this->authenticator,
820 message) != SUCCESS)
821 {
822 return FAILED;
823 }
824
825 if (this->peer_cfg->get_virtual_ip(this->peer_cfg))
826 {
827 this->ike_sa->queue_task(this->ike_sa,
828 (task_t*)mode_config_create(this->ike_sa, TRUE));
829 }
830
831 switch (this->auth_method)
832 {
833 case AUTH_XAUTH_INIT_PSK:
834 case AUTH_XAUTH_INIT_RSA:
835 this->ike_sa->queue_task(this->ike_sa,
836 (task_t*)xauth_create(this->ike_sa, TRUE));
837 return SUCCESS;
838 case AUTH_XAUTH_RESP_PSK:
839 case AUTH_XAUTH_RESP_RSA:
840 /* TODO-IKEv1: not yet supported */
841 return FAILED;
842 default:
843 establish(this);
844 return SUCCESS;
845 }
846 }
847 default:
848 return FAILED;
849 }
850 }
851
852 METHOD(task_t, process_i, status_t,
853 private_main_mode_t *this, message_t *message)
854 {
855 switch (this->state)
856 {
857 case MM_SA:
858 {
859 linked_list_t *list;
860 sa_payload_t *sa_payload;
861 auth_method_t auth_method;
862 u_int32_t lifetime;
863
864 sa_payload = (sa_payload_t*)message->get_payload(message,
865 SECURITY_ASSOCIATION_V1);
866 if (!sa_payload)
867 {
868 DBG1(DBG_IKE, "SA payload missing");
869 return FAILED;
870 }
871 list = sa_payload->get_proposals(sa_payload);
872 this->proposal = this->ike_cfg->select_proposal(this->ike_cfg,
873 list, FALSE);
874 list->destroy_offset(list, offsetof(proposal_t, destroy));
875 if (!this->proposal)
876 {
877 DBG1(DBG_IKE, "no proposal found");
878 return FAILED;
879 }
880
881 lifetime = sa_payload->get_lifetime(sa_payload);
882 if (lifetime != this->lifetime)
883 {
884 DBG1(DBG_IKE, "received lifetime %us does not match configured "
885 "%us, using lower value", lifetime, this->lifetime);
886 }
887 this->lifetime = min(this->lifetime, lifetime);
888 auth_method = sa_payload->get_auth_method(sa_payload);
889 if (auth_method != this->auth_method)
890 {
891 DBG1(DBG_IKE, "received %N authentication, but configured %N, "
892 "continue with configured", auth_method_names, auth_method,
893 auth_method_names, this->auth_method);
894 }
895 return NEED_MORE;
896 }
897 case MM_KE:
898 {
899 if (!get_nonce_ke(this, &this->nonce_r, message))
900 {
901 return FAILED;
902 }
903 if (!derive_keys(this, this->nonce_i, this->nonce_r))
904 {
905 return FAILED;
906 }
907 return NEED_MORE;
908 }
909 case MM_AUTH:
910 {
911 id_payload_t *id_payload;
912 identification_t *id;
913
914 id_payload = (id_payload_t*)message->get_payload(message, ID_V1);
915 if (!id_payload)
916 {
917 DBG1(DBG_IKE, "IDir payload missing");
918 return FAILED;
919 }
920 id = id_payload->get_identification(id_payload);
921 if (!id->matches(id, this->other_auth->get(this->other_auth,
922 AUTH_RULE_IDENTITY)))
923 {
924 DBG1(DBG_IKE, "IDir does not match");
925 id->destroy(id);
926 return FAILED;
927 }
928 this->ike_sa->set_other_id(this->ike_sa, id);
929
930 if (this->authenticator->process(this->authenticator,
931 message) != SUCCESS)
932 {
933 return FAILED;
934 }
935
936 switch (this->auth_method)
937 {
938 case AUTH_XAUTH_INIT_PSK:
939 case AUTH_XAUTH_INIT_RSA:
940 /* wait for XAUTH request */
941 return SUCCESS;
942 case AUTH_XAUTH_RESP_PSK:
943 case AUTH_XAUTH_RESP_RSA:
944 /* TODO-IKEv1: not yet */
945 return FAILED;
946 default:
947 establish(this);
948 return SUCCESS;
949 }
950 }
951 default:
952 return FAILED;
953 }
954 }
955
956 METHOD(task_t, get_type, task_type_t,
957 private_main_mode_t *this)
958 {
959 return TASK_MAIN_MODE;
960 }
961
962 METHOD(task_t, migrate, void,
963 private_main_mode_t *this, ike_sa_t *ike_sa)
964 {
965 this->ike_sa = ike_sa;
966 }
967
968 METHOD(task_t, destroy, void,
969 private_main_mode_t *this)
970 {
971 DESTROY_IF(this->peer_cfg);
972 DESTROY_IF(this->proposal);
973 DESTROY_IF(this->dh);
974 DESTROY_IF(this->authenticator);
975 free(this->dh_value.ptr);
976 free(this->nonce_i.ptr);
977 free(this->nonce_r.ptr);
978 free(this->sa_payload.ptr);
979 free(this);
980 }
981
982 /*
983 * Described in header.
984 */
985 main_mode_t *main_mode_create(ike_sa_t *ike_sa, bool initiator)
986 {
987 private_main_mode_t *this;
988
989 INIT(this,
990 .public = {
991 .task = {
992 .get_type = _get_type,
993 .migrate = _migrate,
994 .destroy = _destroy,
995 },
996 },
997 .ike_sa = ike_sa,
998 .keymat = (keymat_v1_t*)ike_sa->get_keymat(ike_sa),
999 .initiator = initiator,
1000 .state = MM_INIT,
1001 );
1002
1003 if (initiator)
1004 {
1005 this->public.task.build = _build_i;
1006 this->public.task.process = _process_i;
1007 }
1008 else
1009 {
1010 this->public.task.build = _build_r;
1011 this->public.task.process = _process_r;
1012 }
1013
1014 return &this->public;
1015 }