moved CHILD_SA key derivation to keymat_t
[strongswan.git] / src / charon / sa / tasks / ike_init.c
index d145672..522d1d7 100644 (file)
@@ -1,12 +1,6 @@
-/**
- * @file ike_init.c
- *
- * @brief Implementation of the ike_init task.
- *
- */
-
 /*
- * Copyright (C) 2005-2007 Martin Willi
+ * Copyright (C) 2008 Tobias Brunner
+ * Copyright (C) 2005-2008 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
  *
@@ -19,6 +13,8 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id$
  */
 
 #include "ike_init.h"
@@ -30,6 +26,7 @@
 #include <encoding/payloads/sa_payload.h>
 #include <encoding/payloads/ke_payload.h>
 #include <encoding/payloads/nonce_payload.h>
+#include <encoding/payloads/vendor_id_payload.h>
 
 /** maximum retries to do with cookies/other dh groups */
 #define MAX_RETRIES 5
@@ -67,11 +64,16 @@ struct private_ike_init_t {
        diffie_hellman_group_t dh_group;
        
        /**
-        * Diffie hellman object used to generate public DH value.
+        * diffie hellman key exchange
         */
        diffie_hellman_t *dh;
        
        /**
+        * Keymat derivation (from IKE_SA)
+        */
+       keymat_t *keymat;
+       
+       /**
         * nonce chosen by us
         */
        chunk_t my_nonce;
@@ -195,7 +197,8 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
                                this->dh_group = ke_payload->get_dh_group_number(ke_payload);
                                if (!this->initiator)
                                {
-                                       this->dh = diffie_hellman_create(this->dh_group);
+                                       this->dh = this->keymat->create_dh(this->keymat,
+                                                                                                          this->dh_group);
                                }
                                if (this->dh)
                                {
@@ -207,9 +210,17 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
                        case NONCE:
                        {
                                nonce_payload_t *nonce_payload = (nonce_payload_t*)payload;
+
                                this->other_nonce = nonce_payload->get_nonce(nonce_payload);
                                break;
                        }
+                       case VENDOR_ID:
+                       {
+                               vendor_id_payload_t *vendor_id = (vendor_id_payload_t*)payload;
+                               chunk_t vid = vendor_id->get_data(vendor_id);
+
+                               DBG1(DBG_ENC, "received vendor id: %#B", &vid);                                 
+                       }
                        default:
                                break;
                }
@@ -222,28 +233,29 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
  */
 static status_t build_i(private_ike_init_t *this, message_t *message)
 {
-       randomizer_t *randomizer;
-       status_t status;
+       rng_t *rng;
        
        this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
-       SIG(IKE_UP_START, "initiating IKE_SA to %H",
-               this->config->get_other_host(this->config));
+       DBG0(DBG_IKE, "initiating IKE_SA %s[%d] to %H",
+                this->ike_sa->get_name(this->ike_sa),
+                this->ike_sa->get_unique_id(this->ike_sa),
+                this->ike_sa->get_other_host(this->ike_sa));
        this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
        
        if (this->retry++ >= MAX_RETRIES)
        {
-               SIG(IKE_UP_FAILED, "giving up after %d retries", MAX_RETRIES);
+               DBG1(DBG_IKE, "giving up after %d retries", MAX_RETRIES);
                return FAILED;
        }
-
+       
        /* if the DH group is set via use_dh_group(), we already have a DH object */
        if (!this->dh)
        {
                this->dh_group = this->config->get_dh_group(this->config);
-               this->dh = diffie_hellman_create(this->dh_group);
-               if (this->dh == NULL)
+               this->dh = this->keymat->create_dh(this->keymat, this->dh_group);
+               if (!this->dh)
                {
-                       SIG(IKE_UP_FAILED, "configured DH group %N not supported",
+                       DBG1(DBG_IKE, "configured DH group %N not supported",
                                diffie_hellman_group_names, this->dh_group);
                        return FAILED;
                }
@@ -252,15 +264,14 @@ static status_t build_i(private_ike_init_t *this, message_t *message)
        /* generate nonce only when we are trying the first time */
        if (this->my_nonce.ptr == NULL)
        {
-               randomizer = randomizer_create();
-               status = randomizer->allocate_pseudo_random_bytes(randomizer, NONCE_SIZE,
-                                                                                                                 &this->my_nonce);
-               randomizer->destroy(randomizer);
-               if (status != SUCCESS)
+               rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
+               if (!rng)
                {
-                       SIG(IKE_UP_FAILED, "error generating random nonce value");
+                       DBG1(DBG_IKE, "error generating nonce");
                        return FAILED;
                }
+               rng->allocate_bytes(rng, NONCE_SIZE, &this->my_nonce);
+               rng->destroy(rng);
        }
        
        if (this->cookie.ptr)
@@ -269,30 +280,89 @@ static status_t build_i(private_ike_init_t *this, message_t *message)
        }
        
        build_payloads(this, message);
-       
+
+#ifdef ME
+       {
+               chunk_t connect_id = this->ike_sa->get_connect_id(this->ike_sa);
+               if (connect_id.ptr)
+               {
+                       message->add_notify(message, FALSE, ME_CONNECTID, connect_id);
+               }
+       }
+#endif /* ME */
        
        return NEED_MORE;
 }
 
 /**
- * Implementation of task_t.process for initiator
+ * Implementation of task_t.process for responder
  */
 static status_t process_r(private_ike_init_t *this, message_t *message)
 {      
-       randomizer_t *randomizer;
+       rng_t *rng;
        
        this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
-       SIG(IKE_UP_FAILED, "%H is initiating an IKE_SA",
-               message->get_source(message));
+       DBG0(DBG_IKE, "%H is initiating an IKE_SA", message->get_source(message));
        this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
 
-       randomizer = randomizer_create();
-       if (randomizer->allocate_pseudo_random_bytes(randomizer, NONCE_SIZE,
-                                                                                                &this->my_nonce) != SUCCESS)
+       rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
+       if (!rng)
+       {
+               DBG1(DBG_IKE, "error generating nonce");
+               return FAILED;
+       }
+       rng->allocate_bytes(rng, NONCE_SIZE, &this->my_nonce);
+       rng->destroy(rng);
+       
+#ifdef ME
        {
-               DBG1(DBG_IKE, "error generating random nonce value");
+               chunk_t connect_id = chunk_empty;
+               iterator_t *iterator;
+               payload_t *payload;
+       
+               /* check for a ME_CONNECTID notify */
+               iterator = message->get_payload_iterator(message);
+               while (iterator->iterate(iterator, (void**)&payload))
+               {
+                       if (payload->get_type(payload) == NOTIFY)
+                       {
+                               notify_payload_t *notify = (notify_payload_t*)payload;
+                               notify_type_t type = notify->get_notify_type(notify);
+                       
+                               switch (type)
+                               {
+                                       case ME_CONNECTID:
+                                       {
+                                               chunk_free(&connect_id);
+                                               connect_id = chunk_clone(notify->get_notification_data(notify));
+                                               DBG2(DBG_IKE, "received ME_CONNECTID %#B", &connect_id);
+                                               break;
+                                       }
+                                       default:
+                                       {
+                                               if (type < 16383)
+                                               {
+                                                       DBG1(DBG_IKE, "received %N notify error",
+                                                               notify_type_names, type);
+                                                       break;  
+                                               }
+                                               DBG2(DBG_IKE, "received %N notify",
+                                                       notify_type_names, type);
+                                               break;
+                                       }
+                               }
+                       }
+               }
+               iterator->destroy(iterator);
+               
+               if (connect_id.ptr)
+               {
+                       charon->connect_manager->stop_checks(charon->connect_manager,
+                               connect_id);
+                       chunk_free(&connect_id);
+               }
        }
-       randomizer->destroy(randomizer);
+#endif /* ME */
        
        process_payloads(this, message);
        
@@ -304,30 +374,29 @@ static status_t process_r(private_ike_init_t *this, message_t *message)
  */
 static status_t build_r(private_ike_init_t *this, message_t *message)
 {
-       chunk_t secret;
-       status_t status;
-
+       keymat_t *old_keymat = NULL;
+       ike_sa_id_t *id;
+       
        /* check if we have everything we need */
        if (this->proposal == NULL ||
                this->other_nonce.len == 0 || this->my_nonce.len == 0)
        {
-               SIG(IKE_UP_FAILED, "received proposals inacceptable");
+               DBG1(DBG_IKE, "received proposals inacceptable");
                message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
                return FAILED;
        }
        
        if (this->dh == NULL ||
-               !this->proposal->has_dh_group(this->proposal, this->dh_group) ||
-               this->dh->get_shared_secret(this->dh, &secret) != SUCCESS)
+               !this->proposal->has_dh_group(this->proposal, this->dh_group))
        {
-               algorithm_t *algo;
+               u_int16_t group;
+               
                if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP,
-                                                                                 &algo))
+                                                                                 &group, NULL))
                {
-                       u_int16_t group = algo->algorithm;
-                       SIG(CHILD_UP_FAILED, "DH group %N inacceptable, requesting %N",
-                               diffie_hellman_group_names, this->dh_group,
-                               diffie_hellman_group_names, group);
+                       DBG1(DBG_IKE, "DH group %N inacceptable, requesting %N",
+                                diffie_hellman_group_names, this->dh_group,
+                                diffie_hellman_group_names, group);
                        this->dh_group = group;
                        group = htons(group);
                        message->add_notify(message, FALSE, INVALID_KE_PAYLOAD,
@@ -335,43 +404,26 @@ static status_t build_r(private_ike_init_t *this, message_t *message)
                }
                else
                {
-                       SIG(IKE_UP_FAILED, "no acceptable proposal found");
+                       DBG1(DBG_IKE, "no acceptable proposal found");
                }
                return FAILED;
        }
        
+       id = this->ike_sa->get_id(this->ike_sa);
        if (this->old_sa)
-       {
-               ike_sa_id_t *id;
-               prf_t *prf, *child_prf;
-                               
-               /* Apply SPI if we are rekeying */
-               id = this->ike_sa->get_id(this->ike_sa);
+       {       /* rekeying: Apply SPI, include keymat from old SA in key derivation */
                id->set_initiator_spi(id, this->proposal->get_spi(this->proposal));
-       
-               /* setup crypto keys for the rekeyed SA */
-               prf = this->old_sa->get_prf(this->old_sa);
-               child_prf = this->old_sa->get_child_prf(this->old_sa);
-               status = this->ike_sa->derive_keys(this->ike_sa, this->proposal, secret, 
-                                                                                  this->other_nonce, this->my_nonce,
-                                                                                  FALSE, child_prf, prf);
+               old_keymat = this->old_sa->get_keymat(this->old_sa);
        }
-       else
+       if (!this->keymat->derive_ike_keys(this->keymat, this->proposal, this->dh,
+                                                       this->other_nonce, this->my_nonce, id, old_keymat))
        {
-               /* setup crypto keys */
-               status =  this->ike_sa->derive_keys(this->ike_sa, this->proposal, secret, 
-                                                                                   this->other_nonce, this->my_nonce,
-                                                                                   FALSE, NULL, NULL);
-       }
-       if (status != SUCCESS)
-       {
-               SIG(IKE_UP_FAILED, "key derivation failed");
+               DBG1(DBG_IKE, "key derivation failed");
                message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
                return FAILED;
        }
        
        build_payloads(this, message);
-
        return SUCCESS;
 }
 
@@ -380,8 +432,8 @@ static status_t build_r(private_ike_init_t *this, message_t *message)
  */
 static status_t process_i(private_ike_init_t *this, message_t *message)
 {
-       chunk_t secret;
-       status_t status;
+       keymat_t *old_keymat = NULL;
+       ike_sa_id_t *id;
        iterator_t *iterator;
        payload_t *payload;
 
@@ -426,19 +478,19 @@ static status_t process_i(private_ike_init_t *this, message_t *message)
                                        this->cookie = chunk_clone(notify->get_notification_data(notify));
                                        this->ike_sa->reset(this->ike_sa);
                                        iterator->destroy(iterator);
-                                       DBG1(DBG_IKE, "received %N notify", notify_type_names, type);
+                                       DBG2(DBG_IKE, "received %N notify", notify_type_names, type);
                                        return NEED_MORE;
                                }
                                default:
                                {
                                        if (type < 16383)
                                        {
-                                               SIG(IKE_UP_FAILED, "received %N notify error",
+                                               DBG1(DBG_IKE, "received %N notify error",
                                                         notify_type_names, type);
                                                iterator->destroy(iterator);
                                                return FAILED;  
                                        }
-                                       DBG1(DBG_IKE, "received %N notify",
+                                       DBG2(DBG_IKE, "received %N notify",
                                                notify_type_names, type);
                                        break;
                                }
@@ -453,46 +505,30 @@ static status_t process_i(private_ike_init_t *this, message_t *message)
        if (this->proposal == NULL ||
                this->other_nonce.len == 0 || this->my_nonce.len == 0)
        {
-               SIG(IKE_UP_FAILED, "peers proposal selection invalid");
+               DBG1(DBG_IKE, "peers proposal selection invalid");
                return FAILED;
        }
        
        if (this->dh == NULL ||
-               !this->proposal->has_dh_group(this->proposal, this->dh_group) ||
-               this->dh->get_shared_secret(this->dh, &secret) != SUCCESS)
+               !this->proposal->has_dh_group(this->proposal, this->dh_group))
        {
-               SIG(IKE_UP_FAILED, "peers DH group selection invalid");
+               DBG1(DBG_IKE, "peer DH group selection invalid");
                return FAILED;
        }
        
-       /* Apply SPI if we are rekeying */
+       id = this->ike_sa->get_id(this->ike_sa);
        if (this->old_sa)
-       {
-               ike_sa_id_t *id;
-               prf_t *prf, *child_prf;
-               
-               id = this->ike_sa->get_id(this->ike_sa);
+       {       /* rekeying: Apply SPI, include keymat from old SA in key derivation */
                id->set_responder_spi(id, this->proposal->get_spi(this->proposal));
-               
-               /* setup crypto keys for the rekeyed SA */
-               prf = this->old_sa->get_prf(this->old_sa);
-               child_prf = this->old_sa->get_child_prf(this->old_sa);
-               status = this->ike_sa->derive_keys(this->ike_sa, this->proposal, secret, 
-                                                                                   this->my_nonce, this->other_nonce,
-                                                                                   TRUE, child_prf, prf);
+               old_keymat = this->old_sa->get_keymat(this->old_sa);
        }
-       else
-       {
-               /* setup crypto keys for a new SA */
-               status = this->ike_sa->derive_keys(this->ike_sa, this->proposal, secret, 
-                                                                                  this->my_nonce, this->other_nonce,
-                                                                                  TRUE, NULL, NULL);
-       }
-       if (status != SUCCESS)
+       if (!this->keymat->derive_ike_keys(this->keymat, this->proposal, this->dh,
+                                                       this->my_nonce, this->other_nonce, id, old_keymat))
        {
-               SIG(IKE_UP_FAILED, "key derivation failed");
+               DBG1(DBG_IKE, "key derivation failed");
                return FAILED;
        }
+       
        return SUCCESS;
 }
 
@@ -526,12 +562,12 @@ static chunk_t get_lower_nonce(private_ike_init_t *this)
 static void migrate(private_ike_init_t *this, ike_sa_t *ike_sa)
 {
        DESTROY_IF(this->proposal);
-       DESTROY_IF(this->dh);
        chunk_free(&this->other_nonce);
        
        this->ike_sa = ike_sa;
        this->proposal = NULL;
-       this->dh = diffie_hellman_create(this->dh_group);
+       DESTROY_IF(this->dh);
+       this->dh = this->keymat->create_dh(this->keymat, this->dh_group);
 }
 
 /**
@@ -539,8 +575,8 @@ static void migrate(private_ike_init_t *this, ike_sa_t *ike_sa)
  */
 static void destroy(private_ike_init_t *this)
 {
-       DESTROY_IF(this->proposal);
        DESTROY_IF(this->dh);
+       DESTROY_IF(this->proposal);
        chunk_free(&this->my_nonce);
        chunk_free(&this->other_nonce);
        chunk_free(&this->cookie);
@@ -573,6 +609,7 @@ ike_init_t *ike_init_create(ike_sa_t *ike_sa, bool initiator, ike_sa_t *old_sa)
        this->initiator = initiator;
        this->dh_group = MODP_NONE;
        this->dh = NULL;
+       this->keymat = ike_sa->get_keymat(ike_sa);
        this->my_nonce = chunk_empty;
        this->other_nonce = chunk_empty;
        this->cookie = chunk_empty;