Accept NULL identities passed to peer config enumeration
[strongswan.git] / src / libcharon / sa / tasks / main_mode.c
old mode 100644 (file)
new mode 100755 (executable)
index 2d9acf6..dbdc0c0
@@ -1,4 +1,7 @@
 /*
+ * Copyright (C) 2011 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
  * Copyright (C) 2011 Martin Willi
  * Copyright (C) 2011 revosec AG
  *
 #include <string.h>
 
 #include <daemon.h>
+#include <sa/keymat_v1.h>
 #include <crypto/diffie_hellman.h>
 #include <encoding/payloads/sa_payload.h>
 #include <encoding/payloads/ke_payload.h>
 #include <encoding/payloads/nonce_payload.h>
 #include <encoding/payloads/id_payload.h>
+#include <encoding/payloads/hash_payload.h>
+#include <sa/tasks/xauth.h>
+#include <sa/tasks/mode_config.h>
 
 typedef struct private_main_mode_t private_main_mode_t;
 
@@ -77,6 +84,11 @@ struct private_main_mode_t {
        diffie_hellman_t *dh;
 
        /**
+        * Keymat derivation (from SA)
+        */
+       keymat_v1_t *keymat;
+
+       /**
         * Received public DH value from peer
         */
        chunk_t dh_value;
@@ -91,6 +103,36 @@ struct private_main_mode_t {
         */
        chunk_t nonce_r;
 
+       /**
+        * Encoded SA initiator payload used for authentication
+        */
+       chunk_t sa_payload;
+
+       /**
+        * Negotiated SA lifetime
+        */
+       u_int32_t lifetime;
+
+       /**
+        * Negotiated authentication method
+        */
+       auth_method_t auth_method;
+
+       /**
+        * Authenticator to use
+        */
+       authenticator_t *authenticator;
+
+       /**
+        * Notify type in case of error
+        */
+       notify_type_t notify_type;
+
+       /**
+        * Notify data in case of error
+        */
+       chunk_t notify_data;
+
        /** states of main mode */
        enum {
                MM_INIT,
@@ -115,6 +157,290 @@ static auth_cfg_t *get_auth_cfg(private_main_mode_t *this, bool local)
        return cfg;
 }
 
+/**
+ * Save the encoded SA payload of a message
+ */
+static bool save_sa_payload(private_main_mode_t *this, message_t *message)
+{
+       enumerator_t *enumerator;
+       payload_t *payload, *sa = NULL;
+       chunk_t data;
+       size_t offset = IKE_HEADER_LENGTH;
+
+       enumerator = message->create_payload_enumerator(message);
+       while (enumerator->enumerate(enumerator, &payload))
+       {
+               if (payload->get_type(payload) == SECURITY_ASSOCIATION_V1)
+               {
+                       sa = payload;
+                       break;
+               }
+               else
+               {
+                       offset += payload->get_length(payload);
+               }
+       }
+       enumerator->destroy(enumerator);
+
+       data = message->get_packet_data(message);
+       if (sa && data.len >= offset + sa->get_length(sa))
+       {
+               /* Get SA payload without 4 byte fixed header */
+               data = chunk_skip(data, offset);
+               data.len = sa->get_length(sa);
+               data = chunk_skip(data, 4);
+               this->sa_payload = chunk_clone(data);
+               return TRUE;
+       }
+       return FALSE;
+}
+
+/**
+ * Generate and add NONCE, KE payload
+ */
+static bool add_nonce_ke(private_main_mode_t *this, chunk_t *nonce,
+                                                message_t *message)
+{
+       nonce_payload_t *nonce_payload;
+       ke_payload_t *ke_payload;
+       rng_t *rng;
+
+       ke_payload = ke_payload_create_from_diffie_hellman(KEY_EXCHANGE_V1,
+                                                                                                          this->dh);
+       message->add_payload(message, &ke_payload->payload_interface);
+
+       rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
+       if (!rng)
+       {
+               DBG1(DBG_IKE, "no RNG found to create nonce");
+               return FALSE;
+       }
+       rng->allocate_bytes(rng, NONCE_SIZE, nonce);
+       rng->destroy(rng);
+
+       nonce_payload = nonce_payload_create(NONCE_V1);
+       nonce_payload->set_nonce(nonce_payload, *nonce);
+       message->add_payload(message, &nonce_payload->payload_interface);
+
+       return TRUE;
+}
+
+/**
+ * Extract nonce from NONCE payload, process KE payload
+ */
+static bool get_nonce_ke(private_main_mode_t *this, chunk_t *nonce,
+                                                message_t *message)
+{
+       nonce_payload_t *nonce_payload;
+       ke_payload_t *ke_payload;
+
+       ke_payload = (ke_payload_t*)message->get_payload(message, KEY_EXCHANGE_V1);
+       if (!ke_payload)
+       {
+               DBG1(DBG_IKE, "KE payload missing in message");
+               return FALSE;
+       }
+       this->dh_value = chunk_clone(ke_payload->get_key_exchange_data(ke_payload));
+       this->dh->set_other_public_value(this->dh, this->dh_value);
+
+       nonce_payload = (nonce_payload_t*)message->get_payload(message, NONCE_V1);
+       if (!nonce_payload)
+       {
+               DBG1(DBG_IKE, "NONCE payload missing in message");
+               return FALSE;
+       }
+       *nonce = nonce_payload->get_nonce(nonce_payload);
+
+       return TRUE;
+}
+
+/**
+ * Get the two auth classes from local or remote config
+ */
+static void get_auth_class(peer_cfg_t *peer_cfg, bool local,
+                                                  auth_class_t *c1, auth_class_t *c2)
+{
+       enumerator_t *enumerator;
+       auth_cfg_t *auth;
+
+       *c1 = *c2 = AUTH_CLASS_ANY;
+
+       enumerator = peer_cfg->create_auth_cfg_enumerator(peer_cfg, local);
+       while (enumerator->enumerate(enumerator, &auth))
+       {
+               if (*c1 == AUTH_CLASS_ANY)
+               {
+                       *c1 = (uintptr_t)auth->get(auth, AUTH_RULE_AUTH_CLASS);
+               }
+               else
+               {
+                       *c2 = (uintptr_t)auth->get(auth, AUTH_RULE_AUTH_CLASS);
+                       break;
+               }
+       }
+       enumerator->destroy(enumerator);
+}
+
+/**
+ * Get auth method to use from a peer config
+ */
+static auth_method_t get_auth_method(private_main_mode_t *this,
+                                                                        peer_cfg_t *peer_cfg)
+{
+       auth_class_t i1, i2, r1, r2;
+
+       get_auth_class(peer_cfg, this->initiator, &i1, &i2);
+       get_auth_class(peer_cfg, !this->initiator, &r1, &r2);
+
+       if (i1 == AUTH_CLASS_PUBKEY && r1 == AUTH_CLASS_PUBKEY)
+       {
+               if (i2 == AUTH_CLASS_ANY && r2 == AUTH_CLASS_ANY)
+               {
+                       /* TODO-IKEv1: ECDSA? */
+                       return AUTH_RSA;
+               }
+               if (i2 == AUTH_CLASS_XAUTH)
+               {
+                       return AUTH_XAUTH_INIT_RSA;
+               }
+               if (r2 == AUTH_CLASS_XAUTH)
+               {
+                       return AUTH_XAUTH_RESP_RSA;
+               }
+       }
+       if (i1 == AUTH_CLASS_PSK && r1 == AUTH_CLASS_PSK)
+       {
+               if (i2 == AUTH_CLASS_ANY && r2 == AUTH_CLASS_ANY)
+               {
+                       return AUTH_PSK;
+               }
+               if (i2 == AUTH_CLASS_XAUTH)
+               {
+                       return AUTH_XAUTH_INIT_PSK;
+               }
+               if (r2 == AUTH_CLASS_XAUTH)
+               {
+                       return AUTH_XAUTH_RESP_PSK;
+               }
+       }
+       /* TODO-IKEv1: Hybrid methods? */
+       return AUTH_NONE;;
+}
+
+/**
+ * Select the best configuration as responder
+ */
+static peer_cfg_t *select_config(private_main_mode_t *this, identification_t *id)
+{
+       enumerator_t *enumerator;
+       peer_cfg_t *current, *found = NULL;
+
+       enumerator = charon->backends->create_peer_cfg_enumerator(charon->backends,
+                                               this->ike_sa->get_my_host(this->ike_sa),
+                                               this->ike_sa->get_other_host(this->ike_sa), NULL, id);
+       while (enumerator->enumerate(enumerator, &current))
+       {
+               if (get_auth_method(this, current) == this->auth_method)
+               {
+                       found = current->get_ref(current);
+                       break;
+               }
+       }
+       enumerator->destroy(enumerator);
+
+       return found;
+}
+
+/**
+ * Check for notify errors, return TRUE if error found
+ */
+static bool has_notify_errors(private_main_mode_t *this, message_t *message)
+{
+       enumerator_t *enumerator;
+       payload_t *payload;
+       bool err = FALSE;
+
+       enumerator = message->create_payload_enumerator(message);
+       while (enumerator->enumerate(enumerator, &payload))
+       {
+               if (payload->get_type(payload) == NOTIFY_V1)
+               {
+                       notify_payload_t *notify;
+                       notify_type_t type;
+
+                       notify = (notify_payload_t*)payload;
+                       type = notify->get_notify_type(notify);
+                       if (type < 16384)
+                       {
+                               DBG1(DBG_IKE, "received %N error notify",
+                                        notify_type_names, type);
+                               err = TRUE;
+                       }
+                       else if (type == INITIAL_CONTACT_IKEV1)
+                       {
+                               if (!this->initiator && this->state == MM_AUTH)
+                               {
+                                       /* If authenticated and received INITIAL_CONTACT,
+                                        * delete any existing IKE_SAs with that peer.
+                                        * The delete takes place when the SA is checked in due
+                                        * to other id not known until the 3rd message.*/
+                                       this->ike_sa->set_condition(this->ike_sa, COND_INIT_CONTACT_SEEN, TRUE);
+                               }
+                       }
+                       else
+                       {
+                               DBG1(DBG_IKE, "received %N notify", notify_type_names, type);
+                       }
+               }
+       }
+       enumerator->destroy(enumerator);
+
+       return err;
+}
+
+METHOD(task_t, build_notify_error, status_t,
+       private_main_mode_t *this, message_t *message)
+{
+       notify_payload_t *notify;
+       ike_sa_id_t *ike_sa_id;
+       chunk_t spi;
+       u_int64_t spi_i, spi_r;
+
+       notify = notify_payload_create_from_protocol_and_type(NOTIFY_V1,
+                                               PROTO_IKE, this->notify_type);
+
+       if (this->notify_data.ptr)
+       {
+               notify->set_notification_data(notify, this->notify_data);
+       }
+
+       ike_sa_id = this->ike_sa->get_id(this->ike_sa);
+
+       spi_i = ike_sa_id->get_initiator_spi(ike_sa_id);
+       spi_r = ike_sa_id->get_responder_spi(ike_sa_id);
+
+       spi = chunk_cata("cc", chunk_from_thing(spi_i), chunk_from_thing(spi_r));
+
+       notify->set_spi_data(notify, spi);
+
+       message->add_payload(message, (payload_t*)notify);
+
+       return SUCCESS;
+}
+
+/**
+ * Set the task ready to build notify error message
+ */
+static status_t set_notify_error(private_main_mode_t *this,
+                                                                                                                                notify_type_t type, chunk_t data)
+{
+       this->notify_type = type;
+       this->notify_data = data;
+       /* The task will be destroyed after build */
+       this->public.task.build = _build_notify_error;
+       return FAILED_SEND_ERROR;
+}
+
 METHOD(task_t, build_i, status_t,
        private_main_mode_t *this, message_t *message)
 {
@@ -124,6 +450,7 @@ METHOD(task_t, build_i, status_t,
                {
                        sa_payload_t *sa_payload;
                        linked_list_t *proposals;
+                       packet_t *packet;
 
                        this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
                        DBG0(DBG_IKE, "initiating IKE_SA %s[%d] to %H",
@@ -132,53 +459,78 @@ METHOD(task_t, build_i, status_t,
                                 this->ike_sa->get_other_host(this->ike_sa));
                        this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
 
-                       proposals = this->ike_cfg->get_proposals(this->ike_cfg);
+                       this->peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
+                       this->peer_cfg->get_ref(this->peer_cfg);
 
-                       sa_payload = sa_payload_create_from_proposal_list(
-                                                                                       SECURITY_ASSOCIATION_V1, proposals);
+                       this->my_auth = get_auth_cfg(this, TRUE);
+                       this->other_auth = get_auth_cfg(this, FALSE);
+                       if (!this->my_auth || !this->other_auth)
+                       {
+                               DBG1(DBG_CFG, "no auth config found");
+                               return FAILED;
+                       }
+                       this->auth_method = get_auth_method(this, this->peer_cfg);
+                       if (this->auth_method == AUTH_NONE)
+                       {
+                               DBG1(DBG_CFG, "configuration uses unsupported authentication");
+                               return FAILED;
+                       }
+                       this->lifetime = this->peer_cfg->get_reauth_time(this->peer_cfg,
+                                                                                                                       FALSE);
+                       if (!this->lifetime)
+                       {       /* fall back to rekey time of no rekey time configured */
+                               this->lifetime = this->peer_cfg->get_rekey_time(this->peer_cfg,
+                                                                                                                                FALSE);
+                       }
+                       proposals = this->ike_cfg->get_proposals(this->ike_cfg);
+                       sa_payload = sa_payload_create_from_proposals_v1(proposals,
+                                               this->lifetime, 0, this->auth_method, MODE_NONE, FALSE);
                        proposals->destroy_offset(proposals, offsetof(proposal_t, destroy));
 
                        message->add_payload(message, &sa_payload->payload_interface);
 
+                       /* pregenerate message to store SA payload */
+                       if (this->ike_sa->generate_message(this->ike_sa, message,
+                                                                                          &packet) != SUCCESS)
+                       {
+                               DBG1(DBG_IKE, "pregenerating SA payload failed");
+                               return FAILED;
+                       }
+                       packet->destroy(packet);
+                       if (!save_sa_payload(this, message))
+                       {
+                               DBG1(DBG_IKE, "SA payload invalid");
+                               return FAILED;
+                       }
+
                        this->state = MM_SA;
                        return NEED_MORE;
                }
                case MM_SA:
                {
-                       ke_payload_t *ke_payload;
-                       nonce_payload_t *nonce_payload;
                        u_int16_t group;
-                       rng_t *rng;
 
+                       if (!this->keymat->create_hasher(this->keymat, this->proposal))
+                       {
+                               return FAILED;
+                       }
                        if (!this->proposal->get_algorithm(this->proposal,
                                                                                DIFFIE_HELLMAN_GROUP, &group, NULL))
                        {
                                DBG1(DBG_IKE, "DH group selection failed");
                                return FAILED;
                        }
-                       this->dh = lib->crypto->create_dh(lib->crypto, group);
+                       this->dh = this->keymat->keymat.create_dh(&this->keymat->keymat,
+                                                                                                         group);
                        if (!this->dh)
                        {
                                DBG1(DBG_IKE, "negotiated DH group not supported");
                                return FAILED;
                        }
-                       ke_payload = ke_payload_create_from_diffie_hellman(KEY_EXCHANGE_V1,
-                                                                                                                          this->dh);
-                       message->add_payload(message, &ke_payload->payload_interface);
-
-                       rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
-                       if (!rng)
+                       if (!add_nonce_ke(this, &this->nonce_i, message))
                        {
-                               DBG1(DBG_IKE, "no RNG found to create nonce");
                                return FAILED;
                        }
-                       rng->allocate_bytes(rng, NONCE_SIZE, &this->nonce_i);
-                       rng->destroy(rng);
-
-                       nonce_payload = nonce_payload_create(NONCE_V1);
-                       nonce_payload->set_nonce(nonce_payload, this->nonce_i);
-                       message->add_payload(message, &nonce_payload->payload_interface);
-
                        this->state = MM_KE;
                        return NEED_MORE;
                }
@@ -187,16 +539,6 @@ METHOD(task_t, build_i, status_t,
                        id_payload_t *id_payload;
                        identification_t *id;
 
-                       this->peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
-                       this->peer_cfg->get_ref(this->peer_cfg);
-
-                       this->my_auth = get_auth_cfg(this, TRUE);
-                       this->other_auth = get_auth_cfg(this, FALSE);
-                       if (!this->my_auth || !this->other_auth)
-                       {
-                               DBG1(DBG_CFG, "no auth config found");
-                               return FAILED;
-                       }
                        id = this->my_auth->get(this->my_auth, AUTH_RULE_IDENTITY);
                        if (!id)
                        {
@@ -209,8 +551,11 @@ METHOD(task_t, build_i, status_t,
                        id_payload = id_payload_create_from_identification(ID_V1, id);
                        message->add_payload(message, &id_payload->payload_interface);
 
-                       /* TODO-IKEv1: authenticate */
-
+                       if (this->authenticator->build(this->authenticator,
+                                                                                  message) != SUCCESS)
+                       {
+                               return FAILED;
+                       }
                        this->state = MM_AUTH;
                        return NEED_MORE;
                }
@@ -226,7 +571,6 @@ METHOD(task_t, process_r, status_t,
        {
                case MM_INIT:
                {
-
                        linked_list_t *list;
                        sa_payload_t *sa_payload;
 
@@ -241,11 +585,12 @@ METHOD(task_t, process_r, status_t,
 
                        sa_payload = (sa_payload_t*)message->get_payload(message,
                                                                                                        SECURITY_ASSOCIATION_V1);
-                       if (!sa_payload)
+                       if (!sa_payload || !save_sa_payload(this, message))
                        {
-                               DBG1(DBG_IKE, "SA payload missing");
+                               DBG1(DBG_IKE, "SA payload missing or invalid");
                                return FAILED;
                        }
+
                        list = sa_payload->get_proposals(sa_payload);
                        this->proposal = this->ike_cfg->select_proposal(this->ike_cfg,
                                                                                                                        list, FALSE);
@@ -253,27 +598,23 @@ METHOD(task_t, process_r, status_t,
                        if (!this->proposal)
                        {
                                DBG1(DBG_IKE, "no proposal found");
-                               return FAILED;
+                               return set_notify_error(this, NO_PROPOSAL_CHOSEN, chunk_empty);
                        }
+
+                       this->auth_method = sa_payload->get_auth_method(sa_payload);
+                       this->lifetime = sa_payload->get_lifetime(sa_payload);
+
                        this->state = MM_SA;
                        return NEED_MORE;
                }
                case MM_SA:
                {
-                       ke_payload_t *ke_payload;
-                       nonce_payload_t *nonce_payload;
                        u_int16_t group;
 
-                       ke_payload = (ke_payload_t*)message->get_payload(message,
-                                                                                                                        KEY_EXCHANGE_V1);
-                       if (!ke_payload)
+                       if (!this->keymat->create_hasher(this->keymat, this->proposal))
                        {
-                               DBG1(DBG_IKE, "KE payload missing");
                                return FAILED;
                        }
-                       this->dh_value = ke_payload->get_key_exchange_data(ke_payload);
-                       this->dh_value = chunk_clone(this->dh_value);
-
                        if (!this->proposal->get_algorithm(this->proposal,
                                                                                DIFFIE_HELLMAN_GROUP, &group, NULL))
                        {
@@ -286,26 +627,17 @@ METHOD(task_t, process_r, status_t,
                                DBG1(DBG_IKE, "negotiated DH group not supported");
                                return FAILED;
                        }
-                       this->dh->set_other_public_value(this->dh, this->dh_value);
-
-
-                       nonce_payload = (nonce_payload_t*)message->get_payload(message,
-                                                                                                                                  NONCE_V1);
-                       if (!nonce_payload)
+                       if (!get_nonce_ke(this, &this->nonce_i, message))
                        {
-                               DBG1(DBG_IKE, "Nonce payload missing");
                                return FAILED;
                        }
-                       this->nonce_i = nonce_payload->get_nonce(nonce_payload);
-
                        this->state = MM_KE;
                        return NEED_MORE;
                }
                case MM_KE:
                {
-                       enumerator_t *enumerator;
                        id_payload_t *id_payload;
-                       identification_t *id, *any;
+                       identification_t *id;
 
                        id_payload = (id_payload_t*)message->get_payload(message, ID_V1);
                        if (!id_payload)
@@ -315,39 +647,34 @@ METHOD(task_t, process_r, status_t,
                        }
 
                        id = id_payload->get_identification(id_payload);
-                       any = identification_create_from_encoding(ID_ANY, chunk_empty);
-                       enumerator = charon->backends->create_peer_cfg_enumerator(
-                                                                       charon->backends,
-                                                                       this->ike_sa->get_my_host(this->ike_sa),
-                                                                       this->ike_sa->get_other_host(this->ike_sa),
-                                                                       any, id);
-                       if (!enumerator->enumerate(enumerator, &this->peer_cfg))
+                       this->ike_sa->set_other_id(this->ike_sa, id);
+                       this->peer_cfg = select_config(this, id);
+                       if (!this->peer_cfg)
                        {
                                DBG1(DBG_IKE, "no peer config found");
-                               id->destroy(id);
-                               any->destroy(any);
-                               enumerator->destroy(enumerator);
-                               return FAILED;
+                               return set_notify_error(this, AUTHENTICATION_FAILED, chunk_empty);
                        }
-                       this->peer_cfg->get_ref(this->peer_cfg);
-                       enumerator->destroy(enumerator);
-                       any->destroy(any);
-
-                       this->ike_sa->set_other_id(this->ike_sa, id);
-
                        this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg);
 
                        this->my_auth = get_auth_cfg(this, TRUE);
                        this->other_auth = get_auth_cfg(this, FALSE);
                        if (!this->my_auth || !this->other_auth)
                        {
-                               DBG1(DBG_CFG, "auth config missing");
-                               return FAILED;
+                               DBG1(DBG_IKE, "auth config missing");
+                               return set_notify_error(this, AUTHENTICATION_FAILED, chunk_empty);
                        }
 
-                       /* TODO-IKEv1: authenticate peer */
-
+                       if (this->authenticator->process(this->authenticator,
+                                                                                        message) != SUCCESS)
+                       {
+                               return set_notify_error(this, AUTHENTICATION_FAILED, chunk_empty);
+                       }
                        this->state = MM_AUTH;
+
+                       if (has_notify_errors(this, message))
+                       {
+                               return FAILED;
+                       }
                        return NEED_MORE;
                }
                default:
@@ -355,6 +682,96 @@ METHOD(task_t, process_r, status_t,
        }
 }
 
+/**
+ * Lookup a shared secret for this IKE_SA
+ */
+static shared_key_t *lookup_shared_key(private_main_mode_t *this)
+{
+       host_t *me, *other;
+       identification_t *my_id, *other_id;
+       shared_key_t *shared_key;
+
+       me = this->ike_sa->get_my_host(this->ike_sa);
+       other = this->ike_sa->get_other_host(this->ike_sa);
+       my_id = identification_create_from_sockaddr(me->get_sockaddr(me));
+       other_id = identification_create_from_sockaddr(other->get_sockaddr(other));
+       if (!my_id || !other_id)
+       {
+               DESTROY_IF(my_id);
+               DESTROY_IF(other_id);
+               return NULL;
+       }
+       shared_key = lib->credmgr->get_shared(lib->credmgr, SHARED_IKE, my_id,
+                                                                                 other_id);
+       if (!shared_key)
+       {
+               DBG1(DBG_IKE, "no shared key found for %H - %H", me, other);
+       }
+       my_id->destroy(my_id);
+       other_id->destroy(other_id);
+       return shared_key;
+}
+
+/**
+ * Derive key material for this IKE_SA
+ */
+static bool derive_keys(private_main_mode_t *this, chunk_t nonce_i,
+                                               chunk_t nonce_r)
+{
+       ike_sa_id_t *id = this->ike_sa->get_id(this->ike_sa);
+       shared_key_t *shared_key = NULL;
+
+       switch (this->auth_method)
+       {
+               case AUTH_PSK:
+               case AUTH_XAUTH_INIT_PSK:
+               case AUTH_XAUTH_RESP_PSK:
+                       shared_key = lookup_shared_key(this);
+                       break;
+               default:
+                       break;
+       }
+       if (!this->keymat->derive_ike_keys(this->keymat, this->proposal, this->dh,
+                       this->dh_value, nonce_i, nonce_r, id, this->auth_method, shared_key))
+       {
+               DESTROY_IF(shared_key);
+               DBG1(DBG_IKE, "key derivation for %N failed",
+                        auth_method_names, this->auth_method);
+               return FALSE;
+       }
+       DESTROY_IF(shared_key);
+       charon->bus->ike_keys(charon->bus, this->ike_sa, this->dh, nonce_i, nonce_r,
+                                                 NULL);
+
+       this->authenticator = authenticator_create_v1(this->ike_sa, this->initiator,
+                                                                                       this->auth_method, this->dh,
+                                                                                       this->dh_value, this->sa_payload);
+       if (!this->authenticator)
+       {
+               DBG1(DBG_IKE, "negotiated authentication method %N not supported",
+                        auth_method_names, this->auth_method);
+               return FALSE;
+       }
+       return TRUE;
+}
+
+/**
+ * Set IKE_SA to established state
+ */
+static void establish(private_main_mode_t *this)
+{
+       DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]",
+                this->ike_sa->get_name(this->ike_sa),
+                this->ike_sa->get_unique_id(this->ike_sa),
+                this->ike_sa->get_my_host(this->ike_sa),
+                this->ike_sa->get_my_id(this->ike_sa),
+                this->ike_sa->get_other_host(this->ike_sa),
+                this->ike_sa->get_other_id(this->ike_sa));
+
+       this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
+       charon->bus->ike_updown(charon->bus, this->ike_sa, TRUE);
+}
+
 METHOD(task_t, build_r, status_t,
        private_main_mode_t *this, message_t *message)
 {
@@ -364,33 +781,22 @@ METHOD(task_t, build_r, status_t,
                {
                        sa_payload_t *sa_payload;
 
-                       sa_payload = sa_payload_create_from_proposal(SECURITY_ASSOCIATION_V1,
-                                                                                                                this->proposal);
+                       sa_payload = sa_payload_create_from_proposal_v1(this->proposal,
+                                       this->lifetime, 0, this->auth_method, MODE_NONE, FALSE);
                        message->add_payload(message, &sa_payload->payload_interface);
+
                        return NEED_MORE;
                }
                case MM_KE:
                {
-                       ke_payload_t *ke_payload;
-                       nonce_payload_t *nonce_payload;
-                       rng_t *rng;
-
-                       ke_payload = ke_payload_create_from_diffie_hellman(KEY_EXCHANGE_V1,
-                                                                                                                          this->dh);
-                       message->add_payload(message, &ke_payload->payload_interface);
-
-                       rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
-                       if (!rng)
+                       if (!add_nonce_ke(this, &this->nonce_r, message))
+                       {
+                               return FAILED;
+                       }
+                       if (!derive_keys(this, this->nonce_i, this->nonce_r))
                        {
-                               DBG1(DBG_IKE, "no RNG found to create nonce");
                                return FAILED;
                        }
-                       rng->allocate_bytes(rng, NONCE_SIZE, &this->nonce_r);
-                       rng->destroy(rng);
-
-                       nonce_payload = nonce_payload_create(NONCE_V1);
-                       nonce_payload->set_nonce(nonce_payload, this->nonce_r);
-                       message->add_payload(message, &nonce_payload->payload_interface);
                        return NEED_MORE;
                }
                case MM_AUTH:
@@ -410,19 +816,33 @@ METHOD(task_t, build_r, status_t,
                        id_payload = id_payload_create_from_identification(ID_V1, id);
                        message->add_payload(message, &id_payload->payload_interface);
 
-                       /* TODO-IKEv1: authenticate us */
+                       if (this->authenticator->build(this->authenticator,
+                                                                                  message) != SUCCESS)
+                       {
+                               return FAILED;
+                       }
 
-                       /* TODO-IKEv1: check for XAUTH rounds, queue them */
-                       DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]",
-                                this->ike_sa->get_name(this->ike_sa),
-                                this->ike_sa->get_unique_id(this->ike_sa),
-                                this->ike_sa->get_my_host(this->ike_sa),
-                                this->ike_sa->get_my_id(this->ike_sa),
-                                this->ike_sa->get_other_host(this->ike_sa),
-                                this->ike_sa->get_other_id(this->ike_sa));
-                       this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
-                       charon->bus->ike_updown(charon->bus, this->ike_sa, TRUE);
-                       return SUCCESS;
+                       if (this->peer_cfg->get_virtual_ip(this->peer_cfg))
+                       {
+                               this->ike_sa->queue_task(this->ike_sa,
+                                                       (task_t*)mode_config_create(this->ike_sa, TRUE));
+                       }
+
+                       switch (this->auth_method)
+                       {
+                               case AUTH_XAUTH_INIT_PSK:
+                               case AUTH_XAUTH_INIT_RSA:
+                                       this->ike_sa->queue_task(this->ike_sa,
+                                                                       (task_t*)xauth_create(this->ike_sa, TRUE));
+                                       return SUCCESS;
+                               case AUTH_XAUTH_RESP_PSK:
+                               case AUTH_XAUTH_RESP_RSA:
+                                       /* TODO-IKEv1: not yet supported */
+                                       return FAILED;
+                               default:
+                                       establish(this);
+                                       return SUCCESS;
+                       }
                }
                default:
                        return FAILED;
@@ -438,6 +858,8 @@ METHOD(task_t, process_i, status_t,
                {
                        linked_list_t *list;
                        sa_payload_t *sa_payload;
+                       auth_method_t auth_method;
+                       u_int32_t lifetime;
 
                        sa_payload = (sa_payload_t*)message->get_payload(message,
                                                                                                        SECURITY_ASSOCIATION_V1);
@@ -455,33 +877,33 @@ METHOD(task_t, process_i, status_t,
                                DBG1(DBG_IKE, "no proposal found");
                                return FAILED;
                        }
+
+                       lifetime = sa_payload->get_lifetime(sa_payload);
+                       if (lifetime != this->lifetime)
+                       {
+                               DBG1(DBG_IKE, "received lifetime %us does not match configured "
+                                        "%us, using lower value", lifetime, this->lifetime);
+                       }
+                       this->lifetime = min(this->lifetime, lifetime);
+                       auth_method = sa_payload->get_auth_method(sa_payload);
+                       if (auth_method != this->auth_method)
+                       {
+                               DBG1(DBG_IKE, "received %N authentication, but configured %N, "
+                                        "continue with configured", auth_method_names, auth_method,
+                                        auth_method_names, this->auth_method);
+                       }
                        return NEED_MORE;
                }
                case MM_KE:
                {
-                       ke_payload_t *ke_payload;
-                       nonce_payload_t *nonce_payload;
-
-                       ke_payload = (ke_payload_t*)message->get_payload(message,
-                                                                                                                        KEY_EXCHANGE_V1);
-                       if (!ke_payload)
+                       if (!get_nonce_ke(this, &this->nonce_r, message))
                        {
-                               DBG1(DBG_IKE, "KE payload missing");
                                return FAILED;
                        }
-                       this->dh_value = ke_payload->get_key_exchange_data(ke_payload);
-                       this->dh_value = chunk_clone(this->dh_value);
-                       this->dh->set_other_public_value(this->dh, this->dh_value);
-
-                       nonce_payload = (nonce_payload_t*)message->get_payload(message,
-                                                                                                                                  NONCE_V1);
-                       if (!nonce_payload)
+                       if (!derive_keys(this, this->nonce_i, this->nonce_r))
                        {
-                               DBG1(DBG_IKE, "Nonce payload missing");
                                return FAILED;
                        }
-                       this->nonce_r = nonce_payload->get_nonce(nonce_payload);
-
                        return NEED_MORE;
                }
                case MM_AUTH:
@@ -505,19 +927,26 @@ METHOD(task_t, process_i, status_t,
                        }
                        this->ike_sa->set_other_id(this->ike_sa, id);
 
-                       /* TODO-IKEv1: verify auth */
+                       if (this->authenticator->process(this->authenticator,
+                                                                                        message) != SUCCESS)
+                       {
+                               return FAILED;
+                       }
 
-                       /* TODO-IKEv1: check for XAUTH rounds, queue them */
-                       DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]",
-                                this->ike_sa->get_name(this->ike_sa),
-                                this->ike_sa->get_unique_id(this->ike_sa),
-                                this->ike_sa->get_my_host(this->ike_sa),
-                                this->ike_sa->get_my_id(this->ike_sa),
-                                this->ike_sa->get_other_host(this->ike_sa),
-                                this->ike_sa->get_other_id(this->ike_sa));
-                       this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
-                       charon->bus->ike_updown(charon->bus, this->ike_sa, TRUE);
-                       return SUCCESS;
+                       switch (this->auth_method)
+                       {
+                               case AUTH_XAUTH_INIT_PSK:
+                               case AUTH_XAUTH_INIT_RSA:
+                                       /* wait for XAUTH request */
+                                       return SUCCESS;
+                               case AUTH_XAUTH_RESP_PSK:
+                               case AUTH_XAUTH_RESP_RSA:
+                                       /* TODO-IKEv1: not yet */
+                                       return FAILED;
+                               default:
+                                       establish(this);
+                                       return SUCCESS;
+                       }
                }
                default:
                        return FAILED;
@@ -542,9 +971,11 @@ METHOD(task_t, destroy, void,
        DESTROY_IF(this->peer_cfg);
        DESTROY_IF(this->proposal);
        DESTROY_IF(this->dh);
+       DESTROY_IF(this->authenticator);
        free(this->dh_value.ptr);
        free(this->nonce_i.ptr);
        free(this->nonce_r.ptr);
+       free(this->sa_payload.ptr);
        free(this);
 }
 
@@ -564,6 +995,7 @@ main_mode_t *main_mode_create(ike_sa_t *ike_sa, bool initiator)
                        },
                },
                .ike_sa = ike_sa,
+               .keymat = (keymat_v1_t*)ike_sa->get_keymat(ike_sa),
                .initiator = initiator,
                .state = MM_INIT,
        );