- changed interface of ike_sa
authorJan Hutter <jhutter@hsr.ch>
Fri, 25 Nov 2005 13:42:02 +0000 (13:42 -0000)
committerJan Hutter <jhutter@hsr.ch>
Fri, 25 Nov 2005 13:42:02 +0000 (13:42 -0000)
- states can access ike_sa fields now just with functions

Source/charon/sa/ike_sa.c
Source/charon/sa/ike_sa.h
Source/charon/sa/states/ike_auth_requested.c
Source/charon/sa/states/ike_sa_established.c
Source/charon/sa/states/ike_sa_init_requested.c
Source/charon/sa/states/ike_sa_init_responded.c
Source/charon/sa/states/initiator_init.c
Source/charon/sa/states/initiator_init.h
Source/charon/sa/states/responder_init.c
Source/charon/sa/states/state.h

index 7e7a4f7..9eb15e7 100644 (file)
 
 
 
+typedef struct private_ike_sa_t private_ike_sa_t;
+
+/**
+ * Private data of an ike_sa_t object.
+ */
+struct private_ike_sa_t {
+
+       /**
+        * Protected part of a ike_sa_t object.
+        */
+       protected_ike_sa_t protected;
+
+
+       /**
+        * Creates a job to delete the given IKE_SA.
+        * 
+        * @param this                          calling object
+        */
+       status_t (*create_delete_job) (private_ike_sa_t *this);
+
+       /**
+        * Resends the last sent reply.
+        * 
+        * @param this                          calling object
+        */
+       status_t (*resend_last_reply) (private_ike_sa_t *this);
+
+       /* private values */
+       
+       /**
+        * Identifier for the current IKE_SA
+        */
+       ike_sa_id_t *ike_sa_id;
+
+       /**
+        * Linked List containing the child sa's of the current IKE_SA
+        */
+       linked_list_t *child_sas;
+
+       /**
+        * Current state of the IKE_SA
+        */
+       state_t *current_state;
+       
+       /**
+        * this SA's source for random data
+        */
+       randomizer_t *randomizer;
+       
+       /**
+        * contains the last responded message
+        * 
+        */
+       message_t *last_responded_message;
+
+       /**
+        * contains the last requested message
+        * 
+        */
+       message_t *last_requested_message;
+       
+       /**
+        * Informations of this host
+        */
+       struct {
+               host_t *host;
+       } me;
+
+       /**
+        * Informations of the other host
+        */     
+       struct {
+               host_t *host;
+       } other;
+       
+       /**
+        * Crypter object for initiator
+        */
+       crypter_t *crypter_initiator;
+       
+       /**
+        * Crypter object for responder
+        */
+       crypter_t *crypter_responder;
+       
+       /**
+        * Signer object for initiator
+        */
+       signer_t *signer_initiator;
+       
+       /**
+        * Signer object for responder
+        */
+       signer_t *signer_responder;
+       
+       /**
+        * prf function
+        */
+       prf_t *prf;
+       
+       
+       
+       /**
+        * Shared secrets
+        */
+       struct {
+               /**
+                * Key used for deriving other keys
+                */
+               chunk_t d_key;
+               
+               /**
+                * Key for authenticate (initiator)
+                */
+               chunk_t ai_key;
+               
+               /**
+                * Key for authenticate (responder)
+                */
+               chunk_t ar_key;
+
+               /**
+                * Key for encryption (initiator)
+                */
+               chunk_t ei_key; 
+
+               /**
+                * Key for encryption (responder)
+                */
+               chunk_t er_key; 
+
+               /**
+                * Key for generating auth payload (initiator)
+                */
+               chunk_t pi_key; 
+
+               /**
+                * Key for generating auth payload (responder)
+                */
+               chunk_t pr_key; 
+
+       } secrets;
+
+       /**
+        * next message id to receive
+        */
+       u_int32_t message_id_in;
+       
+       /**
+        * next message id to send
+        */
+       u_int32_t message_id_out;
+       
+       /**
+        * a logger for this IKE_SA
+        */
+       logger_t *logger;
+};
+
+
 /**
  * @brief implements function process_message of protected_ike_sa_t
  */
-static status_t process_message (protected_ike_sa_t *this, message_t *message)
+static status_t process_message (private_ike_sa_t *this, message_t *message)
 {      
        u_int32_t message_id;
        exchange_type_t exchange_type;
        bool is_request;
        status_t status;
-       state_t *new_state;
        
        /* we must process each request or response from remote host */
 
@@ -96,19 +255,16 @@ static status_t process_message (protected_ike_sa_t *this, message_t *message)
        }
        
        /* now the message is processed by the current state object */
-       status = this->current_state->process_message(this->current_state,message,&new_state);
+       /* the current state does change the current change to the next one*/
+       status = this->current_state->process_message(this->current_state,message);
 
-       if (status == SUCCESS)
-       {
-               this->current_state = new_state;
-       }
        return status;
 }
 
 /**
  * @brief Implements function build_message of protected_ike_sa_t.
  */
-static status_t build_message(protected_ike_sa_t *this, exchange_type_t type, bool request, message_t **message)
+static status_t build_message(private_ike_sa_t *this, exchange_type_t type, bool request, message_t **message)
 {
        status_t status;
        message_t *new_message; 
@@ -162,12 +318,11 @@ static status_t build_message(protected_ike_sa_t *this, exchange_type_t type, bo
 /**
  * @brief implements function process_configuration of protected_ike_sa_t
  */
-static status_t initialize_connection(protected_ike_sa_t *this, char *name)
+static status_t initialize_connection(private_ike_sa_t *this, char *name)
 {
        /* work is done in state object of type INITIATOR_INIT */
        initiator_init_t *current_state;
        status_t status;
-       state_t *new_state;
        
        if (this->current_state->get_state(this->current_state) != INITIATOR_INIT)
        {
@@ -176,13 +331,9 @@ static status_t initialize_connection(protected_ike_sa_t *this, char *name)
        
        current_state = (initiator_init_t *) this->current_state;
        
-       status = current_state->initiate_connection(current_state,name,&new_state);
+       status = current_state->initiate_connection(current_state,name);
        
-       if (status == SUCCESS)
-       {
-               this->current_state = new_state;
-       }
-       else
+       if (status != SUCCESS)
        {
                this->create_delete_job(this);
        }
@@ -192,12 +343,12 @@ static status_t initialize_connection(protected_ike_sa_t *this, char *name)
 /**
  * @brief implements function protected_ike_sa_t.get_id
  */
-static ike_sa_id_t* get_id(protected_ike_sa_t *this)
+static ike_sa_id_t* get_id(private_ike_sa_t *this)
 {
        return this->ike_sa_id;
 }
 
-static status_t compute_secrets (protected_ike_sa_t *this,chunk_t dh_shared_secret,chunk_t initiator_nonce, chunk_t responder_nonce)
+static status_t compute_secrets (private_ike_sa_t *this,chunk_t dh_shared_secret,chunk_t initiator_nonce, chunk_t responder_nonce)
 {
        chunk_t concatenated_nonces;
        chunk_t skeyseed;
@@ -294,7 +445,7 @@ static status_t compute_secrets (protected_ike_sa_t *this,chunk_t dh_shared_secr
 /**
  * @brief implements function resend_last_reply of protected_ike_sa_t
  */
-status_t resend_last_reply (protected_ike_sa_t *this)
+status_t resend_last_reply (private_ike_sa_t *this)
 {
        packet_t *packet;
        status_t status;
@@ -316,7 +467,7 @@ status_t resend_last_reply (protected_ike_sa_t *this)
        return SUCCESS;
 }
 
-status_t create_delete_job (protected_ike_sa_t *this)
+status_t create_delete_job (private_ike_sa_t *this)
 {
        job_t *delete_job;
        status_t status;
@@ -341,9 +492,140 @@ status_t create_delete_job (protected_ike_sa_t *this)
 }
 
 /**
+ * Implementation of protected_ike_sa_t.set_new_state.
+ */
+static void set_new_state (private_ike_sa_t *this, state_t *state)
+{
+       this->current_state = state;
+}
+
+/**
+ * Implementation of protected_ike_sa_t.get_logger.
+ */
+static logger_t *get_logger (private_ike_sa_t *this)
+{
+       return this->logger;
+}
+
+/**
+ * Implementation of protected_ike_sa_t.get_my_host.
+ */
+static host_t *get_my_host (private_ike_sa_t *this)
+{
+       return this->me.host;
+}
+
+/**
+ * Implementation of protected_ike_sa_t.get_other_host.
+ */
+static host_t *get_other_host (private_ike_sa_t *this)
+{
+       return this->other.host;
+}
+
+/**
+ * Implementation of protected_ike_sa_t.set_my_host.
+ */
+static void set_my_host (private_ike_sa_t *this, host_t *my_host)
+{
+       if (this->me.host != NULL)
+       {
+               this->me.host->destroy(this->me.host);
+       }
+       this->me.host = my_host;
+}
+
+/**
+ * Implementation of protected_ike_sa_t.set_other_host.
+ */
+static void set_other_host (private_ike_sa_t *this, host_t *other_host)
+{
+       if (this->other.host != NULL)
+       {
+               this->other.host->destroy(this->other.host);
+       }
+       this->other.host = other_host;
+}
+
+/**
+ * Implementation of protected_ike_sa_t.set_prf.
+ */
+static void set_prf (private_ike_sa_t *this,prf_t *prf)
+{
+       if (this->prf != NULL)
+       {
+               this->prf->destroy(this->prf);
+       }
+       this->prf = prf;
+}
+
+/**
+ * Implementation of protected_ike_sa_t.get_randomizer.
+ */
+static randomizer_t *get_randomizer (private_ike_sa_t *this)
+{
+       return this->randomizer;
+}
+
+/**
+ * Implementation of protected_ike_sa_t.set_last_requested_message.
+ */
+static status_t set_last_requested_message (private_ike_sa_t *this,message_t * message)
+{
+       if (    this->last_requested_message != NULL)
+       {
+               /* destroy message */
+               this    ->logger->log(this->logger, CONTROL|MOST, "Destroy stored last requested message");
+               this->last_requested_message->destroy(this->last_requested_message);
+       }
+
+       if (message->get_message_id(message) != this->message_id_out)
+       {
+               this    ->logger->log(this->logger, CONTROL|MOST, "last requested message could not be set cause id was not as expected");
+               return FAILED;
+       }
+       this    ->logger->log(this->logger, CONTROL|MOST, "replace last requested message with new one");
+       this->last_requested_message     = message;
+
+       /* message counter can now be increased */
+       this    ->logger->log(this->logger, CONTROL|MOST, "Increate message counter for outgoing messages");
+       this->message_id_out++;
+       return SUCCESS; 
+}
+
+
+/**
+ * Implementation of protected_ike_sa_t.set_last_responded_message.
+ */
+static status_t set_last_responded_message (private_ike_sa_t *this,message_t * message)
+{
+       if (    this->last_responded_message != NULL)
+       {
+               /* destroy message */
+               this    ->logger->log(this->logger, CONTROL|MOST, "Destroy stored last responded message");
+               this->last_responded_message->destroy(this->last_responded_message);
+       }
+       if (message->get_message_id(message) != this->message_id_in)
+       {
+               this    ->logger->log(this->logger, CONTROL|MOST, "last responded message could not be set cause id was not as expected");
+               return FAILED;
+               
+       }
+       this    ->logger->log(this->logger, CONTROL|MOST, "replace last responded message with new one");
+       this->last_responded_message     = message;
+
+       /* message counter can now be increased */
+       this    ->logger->log(this->logger, CONTROL|MOST, "Increate message counter for incoming messages");
+       this->message_id_in++;
+
+       return SUCCESS;
+}
+
+
+/**
  * @brief implements function destroy of protected_ike_sa_t
  */
-static status_t destroy (protected_ike_sa_t *this)
+static status_t destroy (private_ike_sa_t *this)
 {
        
        this->logger->log(this->logger, CONTROL | MORE, "Going to destroy IKE_SA");
@@ -470,23 +752,36 @@ static status_t destroy (protected_ike_sa_t *this)
  */
 ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
 {
-       protected_ike_sa_t *this = allocator_alloc_thing(protected_ike_sa_t);
+       private_ike_sa_t *this = allocator_alloc_thing(private_ike_sa_t);
        if (this == NULL)
        {
                return NULL;
        }
 
        /* Public functions */
-       this->public.process_message = (status_t(*)(ike_sa_t*, message_t*)) process_message;
-       this->public.initialize_connection = (status_t(*)(ike_sa_t*, char*)) initialize_connection;
-       this->public.get_id = (ike_sa_id_t*(*)(ike_sa_t*)) get_id;
-       this->public.destroy = (status_t(*)(ike_sa_t*))destroy;
-       
+       this->protected.public.process_message = (status_t(*)(ike_sa_t*, message_t*)) process_message;
+       this->protected.public.initialize_connection = (status_t(*)(ike_sa_t*, char*)) initialize_connection;
+       this->protected.public.get_id = (ike_sa_id_t*(*)(ike_sa_t*)) get_id;
+       this->protected.public.destroy = (status_t(*)(ike_sa_t*))destroy;
+       
+       /* protected functions */
+       this->protected.build_message = (status_t (*) (protected_ike_sa_t *, exchange_type_t , bool , message_t **)) build_message;
+       this->protected.compute_secrets = (status_t (*) (protected_ike_sa_t *,chunk_t ,chunk_t , chunk_t )) compute_secrets;
+       this->protected.get_logger = (logger_t *(*) (protected_ike_sa_t *)) get_logger;         
+       this->protected.get_my_host = (host_t *(*) (protected_ike_sa_t *)) get_my_host;
+       this->protected.get_other_host = (host_t *(*) (protected_ike_sa_t *)) get_other_host;
+       this->protected.set_my_host = (void(*) (protected_ike_sa_t *,host_t *)) set_my_host;
+       this->protected.set_other_host = (void(*) (protected_ike_sa_t *, host_t *)) set_other_host;
+       this->protected.get_randomizer = (randomizer_t *(*) (protected_ike_sa_t *)) get_randomizer;
+       this->protected.set_last_requested_message = (status_t (*) (protected_ike_sa_t *,message_t *)) set_last_requested_message;
+       this->protected.set_last_responded_message = (status_t (*) (protected_ike_sa_t *,message_t *)) set_last_responded_message;
+       this->protected.set_prf = (void (*) (protected_ike_sa_t *,prf_t *)) set_prf;
+       this->protected.set_new_state = (void (*) (protected_ike_sa_t *,state_t *)) set_new_state;
+
        /* private functions */
-       this->build_message = build_message;
        this->resend_last_reply = resend_last_reply;
        this->create_delete_job = create_delete_job;
-       this->compute_secrets = compute_secrets;
+
 
        /* initialize private fields */
        this->logger = global_logger_manager->create_logger(global_logger_manager, IKE_SA, NULL);
@@ -553,11 +848,11 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
        /* at creation time, IKE_SA is in a initiator state */
        if (ike_sa_id->is_initiator(ike_sa_id))
        {
-               this->current_state = (state_t *) initiator_init_create(this);
+               this->current_state = (state_t *) initiator_init_create(&(this->protected));
        }
        else
        {
-               this->current_state = (state_t *) responder_init_create(this);
+               this->current_state = (state_t *) responder_init_create(&(this->protected));
        }
        
        if (this->current_state == NULL)
@@ -571,5 +866,5 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
        }
 
 
-       return &(this->public);
+       return &(this->protected.public);
 }
index 8a1ed00..aa6c0d5 100644 (file)
@@ -124,148 +124,106 @@ struct protected_ike_sa_t {
         * @return                                      TODO
         */
        status_t (*compute_secrets) (protected_ike_sa_t *this,chunk_t dh_shared_secret,chunk_t initiator_nonce, chunk_t responder_nonce);
-
-       /**
-        * Creates a job to delete the given IKE_SA
-        */
-       status_t (*create_delete_job) (protected_ike_sa_t *this);
-
-       /**
-        * Resends the last sent reply
-        */
-       status_t (*resend_last_reply) (protected_ike_sa_t *this);
-       
-       
-       /* protected values */
-       
-       /**
-        * Identifier for the current IKE_SA
-        */
-       ike_sa_id_t *ike_sa_id;
-
-       /**
-        * Linked List containing the child sa's of the current IKE_SA
-        */
-       linked_list_t *child_sas;
-
-       /**
-        * Current state of the IKE_SA
-        */
-       state_t *current_state;
        
        /**
-        * this SA's source for random data
+        * Gets the internal stored logger_t object for given ike_sa_t object.
+        * 
+        * @param this                          calling object
+        * @return                                      pointer to the internal stored logger_t object
         */
-       randomizer_t *randomizer;
+       logger_t *(*get_logger) (protected_ike_sa_t *this);
        
+
        /**
-        * contains the last responded message
+        * Gets the internal stored host_t object for my host.
         * 
+        * @param this                          calling object
+        * @return                                      pointer to the internal stored host_t object
         */
-       message_t *last_responded_message;
+       host_t *(*get_my_host) (protected_ike_sa_t *this);
 
        /**
-        * contains the last requested message
+        * Gets the internal stored host_t object for other host.
         * 
+        * @param this                          calling object
+        * @return                                      pointer to the internal stored host_t object
         */
-       message_t *last_requested_message;
+       host_t *(*get_other_host) (protected_ike_sa_t *this);
        
        /**
-        * Informations of this host
+        * Sets the internal stored host_t object for my host.
+        * 
+        * Allready existing object gets destroyed. object gets not cloned!
+        * 
+        * @param this                          calling object
+        * @param my_host                       pointer to the new host_t object
         */
-       struct {
-               host_t *host;
-       } me;
+       void (*set_my_host) (protected_ike_sa_t *this,host_t * my_host);
 
        /**
-        * Informations of the other host
-        */     
-       struct {
-               host_t *host;
-       } other;
-       
-       /**
-        * Crypter object for initiator
-        */
-       crypter_t *crypter_initiator;
-       
-       /**
-        * Crypter object for responder
-        */
-       crypter_t *crypter_responder;
-       
-       /**
-        * Signer object for initiator
-        */
-       signer_t *signer_initiator;
-       
-       /**
-        * Signer object for responder
+        * Sets the internal stored host_t object for other host.
+        * 
+        * Allready existing object gets destroyed. object gets not cloned!
+        * 
+        * @param this                          calling object
+        * @param other_host                    pointer to the new host_t object
         */
-       signer_t *signer_responder;
+       void (*set_other_host) (protected_ike_sa_t *this,host_t *other_host);
        
        /**
-        * prf function
+        * Sets the internal stored prf_t object.
+        * 
+        * Allready existing object gets destroyed. object gets not cloned!
+        * 
+        * @param this                          calling object
+        * @param prf                           pointer to the new prf_t object
         */
-       prf_t *prf;
-       
-       
+       void (*set_prf) (protected_ike_sa_t *this,prf_t *prf);
        
        /**
-        * Shared secrets
+        * Sets the last requested message.
+        * 
+        * Allready set last requested message gets destroyed. object gets not cloned!
+        * 
+        * @param this                          calling object
+        * @param message                       pointer to the new last requested message
+        * @return
+        *                                                      - SUCCESS
+        *                                                      - FAILED if message id is not next expected one
         */
-       struct {
-               /**
-                * Key used for deriving other keys
-                */
-               chunk_t d_key;
-               
-               /**
-                * Key for authenticate (initiator)
-                */
-               chunk_t ai_key;
-               
-               /**
-                * Key for authenticate (responder)
-                */
-               chunk_t ar_key;
-
-               /**
-                * Key for encryption (initiator)
-                */
-               chunk_t ei_key; 
-
-               /**
-                * Key for encryption (responder)
-                */
-               chunk_t er_key; 
-
-               /**
-                * Key for generating auth payload (initiator)
-                */
-               chunk_t pi_key; 
-
-               /**
-                * Key for generating auth payload (responder)
-                */
-               chunk_t pr_key; 
-
-       } secrets;
+       status_t (*set_last_requested_message) (protected_ike_sa_t *this,message_t * message);
 
        /**
-        * next message id to receive
+        * Sets the last responded message.
+        * 
+        * Allready set last requested message gets destroyed. object gets not cloned!
+        * 
+        * @param this                          calling object
+        * @param message                       pointer to the new last responded message
+        * return                                       
+        *                                                      - SUCCESS
+        *                                                      - FAILED if message id is not next expected one
         */
-       u_int32_t message_id_in;
+       status_t (*set_last_responded_message) (protected_ike_sa_t *this,message_t * message);
        
        /**
-        * next message id to send
+        * Gets the internal stored randomizer_t object.
+        * 
+        * @param this                          calling object
+        * @return                                      pointer to the internal randomizer_t object
         */
-       u_int32_t message_id_out;
+       randomizer_t *(*get_randomizer) (protected_ike_sa_t *this);
        
        /**
-        * a logger for this IKE_SA
+        * Sets the new state_t object of the IKE_SA object.
+        * 
+        * The old state_t object gets not destroyed. It's the callers duty to 
+        * make sure old state is destroyed (Normally the old state is the caller ).
+        * 
+        * @param this                          calling object
+        * @param state                         pointer to the new state_t object
         */
-       logger_t *logger;
+       void (*set_new_state) (protected_ike_sa_t *this,state_t *state);
 };
 
 
index 4681b64..43af215 100644 (file)
@@ -47,9 +47,8 @@ struct private_ike_auth_requested_t {
 /**
  * Implements state_t.get_state
  */
-static status_t process_message(private_ike_auth_requested_t *this, message_t *message, state_t **new_state)
+static status_t process_message(private_ike_auth_requested_t *this, message_t *message)
 {
-       *new_state = (state_t *) this;
        return SUCCESS;
 }
 
@@ -83,7 +82,7 @@ ike_auth_requested_t *ike_auth_requested_create(protected_ike_sa_t *ike_sa)
        }
 
        /* interface functions */
-       this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *,state_t **)) process_message;
+       this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *)) process_message;
        this->public.state_interface.get_state = (ike_sa_state_t (*) (state_t *)) get_state;
        this->public.state_interface.destroy  = (status_t (*) (state_t *)) destroy;
        
index 769ac8c..f9c68f1 100644 (file)
@@ -47,9 +47,8 @@ struct private_ike_sa_established_t {
 /**
  * Implements state_t.get_state
  */
-static status_t process_message(private_ike_sa_established_t *this, message_t *message, state_t **new_state)
+static status_t process_message(private_ike_sa_established_t *this, message_t *message)
 {
-       *new_state = (state_t *) this;
        return SUCCESS;
 }
 
@@ -83,7 +82,7 @@ ike_sa_established_t *ike_sa_established_create(protected_ike_sa_t *ike_sa)
        }
 
        /* interface functions */
-       this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *,state_t **)) process_message;
+       this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *)) process_message;
        this->public.state_interface.get_state = (ike_sa_state_t (*) (state_t *)) get_state;
        this->public.state_interface.destroy  = (status_t (*) (state_t *)) destroy;
        
index 040942a..5106977 100644 (file)
@@ -85,12 +85,14 @@ struct private_ike_sa_init_requested_t {
 /**
  * Implements state_t.get_state
  */
-static status_t process_message(private_ike_sa_init_requested_t *this, message_t *message, state_t **new_state)
+static status_t process_message(private_ike_sa_init_requested_t *this, message_t *message)
 {
-       status_t                                status;
-       iterator_t      *payloads;
-       exchange_type_t                 exchange_type;
-       u_int64_t                               responder_spi;
+       status_t status;
+       iterator_t *payloads;
+       exchange_type_t exchange_type;
+       u_int64_t responder_spi;
+       ike_sa_id_t *ike_sa_id;
+       
 
        exchange_type = message->get_exchange_type(message);
        if (exchange_type != IKE_SA_INIT)
@@ -114,7 +116,8 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
        }
        
        responder_spi = message->get_responder_spi(message);
-       this->ike_sa->ike_sa_id->set_responder_spi(this->ike_sa->ike_sa_id,responder_spi);
+       ike_sa_id = this->ike_sa->public.get_id(&(this->ike_sa->public));
+       ike_sa_id->set_responder_spi(ike_sa_id,responder_spi);
        
        /* iterate over incoming payloads */
        status = message->get_payload_iterator(message, &payloads);
@@ -138,7 +141,9 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
                                encryption_algorithm_t          encryption_algorithm = ENCR_UNDEFINED;
                                pseudo_random_function_t                pseudo_random_function = PRF_UNDEFINED;
                                integrity_algorithm_t           integrity_algorithm = AUTH_UNDEFINED;
-
+                               prf_t *prf;
+                               
+                               
                                /* get the list of suggested proposals */ 
                                status = sa_payload->create_proposal_substructure_iterator(sa_payload, &suggested_proposals, TRUE);
                                if (status != SUCCESS)
@@ -151,7 +156,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
                                /* now let the configuration-manager return the transforms for the given proposal*/
                                this->logger->log(this->logger, CONTROL | MOST, "Get transforms for suggested proposal");
                                status = global_configuration_manager->get_transforms_for_host_and_proposals(global_configuration_manager,
-                                                                       this->ike_sa->other.host, suggested_proposals, &encryption_algorithm,&pseudo_random_function,&integrity_algorithm);
+                                                                       this->ike_sa->get_other_host(this->ike_sa), suggested_proposals, &encryption_algorithm,&pseudo_random_function,&integrity_algorithm);
                                if (status != SUCCESS)
                                {
                                        this->logger->log(this->logger, ERROR | MORE, "Suggested proposals not supported!");
@@ -161,13 +166,14 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
                                }
                                suggested_proposals->destroy(suggested_proposals);
                                
-                               this->ike_sa->prf = prf_create(pseudo_random_function);
-                               if (this->ike_sa->prf == NULL)
+                               prf = prf_create(pseudo_random_function);
+                               if (prf == NULL)
                                {
                                        this->logger->log(this->logger, ERROR | MORE, "PRF type not supported");
                                        payloads->destroy(payloads);
                                        return FAILED;
                                }
+                               this->ike_sa->set_prf(this->ike_sa,prf);
                                
 
                                /* ok, we have what we need for sa_payload */
@@ -251,12 +257,10 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
         * 
         *  TODO
         * 
-        * Create PRF+ object
-        * 
-        * Create Keys for next process
-        * 
         * Send IKE_SA_AUTH request
         * 
+        * Make state change
+        * 
         ****************************/
 
 
@@ -269,7 +273,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
 
 //     response->destroy(response);
 
-       *new_state = (state_t *) this;
+
        
        return SUCCESS;
 }
@@ -325,7 +329,7 @@ ike_sa_init_requested_t *ike_sa_init_requested_create(protected_ike_sa_t *ike_sa
        }
 
        /* interface functions */
-       this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *,state_t **)) process_message;
+       this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *)) process_message;
        this->public.state_interface.get_state = (ike_sa_state_t (*) (state_t *)) get_state;
        this->public.state_interface.destroy  = (status_t (*) (state_t *)) destroy;
        
@@ -335,7 +339,7 @@ ike_sa_init_requested_t *ike_sa_init_requested_create(protected_ike_sa_t *ike_sa
        this->received_nonce.len = 0;
        this->shared_secret.ptr = NULL;
        this->shared_secret.len = 0;
-       this->logger = this->ike_sa->logger;
+       this->logger = this->ike_sa->get_logger(this->ike_sa);
        this->diffie_hellman = diffie_hellman;
        this->sent_nonce = sent_nonce;
        this->dh_group_priority = dh_group_priority;
index 5c7ba09..7bc3ee4 100644 (file)
@@ -71,9 +71,8 @@ struct private_ike_sa_init_responded_t {
 /**
  * Implements state_t.get_state
  */
-static status_t process_message(private_ike_sa_init_responded_t *this, message_t *message, state_t **new_state)
+static status_t process_message(private_ike_sa_init_responded_t *this, message_t *message)
 {
-       *new_state = (state_t *) this;
        return SUCCESS;
 }
 
@@ -119,13 +118,13 @@ ike_sa_init_responded_t *ike_sa_init_responded_create(protected_ike_sa_t *ike_sa
        }
 
        /* interface functions */
-       this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *,state_t **)) process_message;
+       this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *)) process_message;
        this->public.state_interface.get_state = (ike_sa_state_t (*) (state_t *)) get_state;
        this->public.state_interface.destroy  = (status_t (*) (state_t *)) destroy;
        
        /* private data */
        this->ike_sa = ike_sa;
-       this->logger = this->ike_sa->logger;
+       this->logger = this->ike_sa->get_logger(this->ike_sa);
        this->shared_secret = shared_secret;
        this->received_nonce = received_nonce;
        this->sent_nonce = sent_nonce;
index c5acbd1..133d240 100644 (file)
@@ -146,29 +146,35 @@ struct private_initiator_init_t {
 /**
  * Implements function initiator_init_t.initiate_connection.
  */
-static status_t initiate_connection (private_initiator_init_t *this, char *name, state_t **new_state)
+static status_t initiate_connection (private_initiator_init_t *this, char *name)
 {
        iterator_t      *proposal_iterator;
        ike_sa_init_requested_t         *next_state;
        message_t                               *message;
        packet_t                                *packet;
        status_t                                status;
+       host_t                                  *my_host;
+       host_t                                  *other_host;
+       randomizer_t                            *randomizer;
+       
 
        this->logger->log(this->logger, CONTROL, "Initializing connection %s",name);
        
-       status = global_configuration_manager->get_local_host(global_configuration_manager, name, &(this->ike_sa->me.host));
+       status = global_configuration_manager->get_local_host(global_configuration_manager, name, &my_host);
        if (status != SUCCESS)
        {       
                this->logger->log(this->logger, ERROR | MORE, "Could not retrieve local host configuration information for %s",name);
                return INVALID_ARG;
        }
+       this->ike_sa->set_my_host(this->ike_sa,my_host);
        
-       status = global_configuration_manager->get_remote_host(global_configuration_manager, name, &(this->ike_sa->other.host));
+       status = global_configuration_manager->get_remote_host(global_configuration_manager, name, &other_host);
        if (status != SUCCESS)
        {       
                this->logger->log(this->logger, ERROR | MORE, "Could not retrieve remote host configuration information for %s",name);
                return INVALID_ARG;
        }
+       this->ike_sa->set_other_host(this->ike_sa,other_host);
        
        status = global_configuration_manager->get_dh_group_number(global_configuration_manager, name, &(this->dh_group_number), this->dh_group_priority);
        if (status != SUCCESS)
@@ -184,7 +190,7 @@ static status_t initiate_connection (private_initiator_init_t *this, char *name,
                return status;  
        }
        
-       status = global_configuration_manager->get_proposals_for_host(global_configuration_manager, this->ike_sa->other.host, proposal_iterator);
+       status = global_configuration_manager->get_proposals_for_host(global_configuration_manager, this->ike_sa->get_other_host(this->ike_sa), proposal_iterator);
        /* not needed anymore */
        proposal_iterator->destroy(proposal_iterator);
        if (status != SUCCESS)
@@ -214,7 +220,8 @@ static status_t initiate_connection (private_initiator_init_t *this, char *name,
        }
 
        this    ->logger->log(this->logger, CONTROL|MOST, "Get pseudo random bytes for nonce");
-       if (this->ike_sa->randomizer->allocate_pseudo_random_bytes(this->ike_sa->randomizer, NONCE_SIZE, &(this->sent_nonce)) != SUCCESS)
+       randomizer = this->ike_sa->get_randomizer(this->ike_sa);
+       if (randomizer->allocate_pseudo_random_bytes(randomizer, NONCE_SIZE, &(this->sent_nonce)) != SUCCESS)
        {
                this->logger->log(this->logger, ERROR, "Could not create nonce!");
                return OUT_OF_RES;
@@ -253,29 +260,27 @@ static status_t initiate_connection (private_initiator_init_t *this, char *name,
        /* state can now be changed */
        this    ->logger->log(this->logger, CONTROL|MOST, "Create next state object");
        next_state = ike_sa_init_requested_create(this->ike_sa, this->dh_group_number, this->diffie_hellman, this->sent_nonce);
-
        if (next_state == NULL)
        {
                this    ->logger->log(this->logger, ERROR, "Fatal error: could not create next state object of type ike_sa_init_requested_t");
+               message->destroy(message);
                return FAILED;
        }
 
-       if (    this->ike_sa->last_requested_message != NULL)
+       /* last message can now be set */
+       status = this->ike_sa->set_last_requested_message(this->ike_sa, message);
+
+       if (status != SUCCESS)
        {
-               /* destroy message */
-               this    ->logger->log(this->logger, CONTROL|MOST, "Destroy stored last requested message");
-               this->ike_sa->last_requested_message->destroy(this->ike_sa->last_requested_message);
+               this->logger->log(this->logger, ERROR, "Could not set last requested message");
+               (next_state->state_interface).destroy(&(next_state->state_interface));
+               message->destroy(message);
+               return status;
        }
 
-       /* message is set after state create */
-       this    ->logger->log(this->logger, CONTROL|MOST, "replace last requested message with current one");
-       this->ike_sa->last_requested_message     = message;
-
-       /* message counter can now be increased */
-       this    ->logger->log(this->logger, CONTROL|MOST, "Increate message counter for outgoing messages");
-       this->ike_sa->message_id_out++;
+       /* state can now be changed */ 
+       this->ike_sa->set_new_state(this->ike_sa,(state_t *) next_state);
 
-       *new_state = (state_t *) next_state;
        /* state has NOW changed :-) */
        this    ->logger->log(this->logger, CONTROL|MORE, "Changed state of IKE_SA from %s to %s",mapping_find(ike_sa_state_m,INITIATOR_INIT),mapping_find(ike_sa_state_m,IKE_SA_INIT_REQUESTED) );
 
@@ -589,12 +594,12 @@ initiator_init_t *initiator_init_create(protected_ike_sa_t *ike_sa)
        }
 
        /* interface functions */
-       this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *,state_t **)) process_message;
+       this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *)) process_message;
        this->public.state_interface.get_state = (ike_sa_state_t (*) (state_t *)) get_state;
        this->public.state_interface.destroy  = (status_t (*) (state_t *)) destroy;
        
        /* public functions */
-       this->public.initiate_connection = (status_t (*)(initiator_init_t *, char *, state_t **)) initiate_connection;
+       this->public.initiate_connection = (status_t (*)(initiator_init_t *, char *)) initiate_connection;
        
        /* private functions */
        this->destroy_after_state_change = destroy_after_state_change;
@@ -606,7 +611,7 @@ initiator_init_t *initiator_init_create(protected_ike_sa_t *ike_sa)
        /* private data */
        this->ike_sa = ike_sa;
        this->dh_group_priority = 1;
-       this->logger = this->ike_sa->logger;
+       this->logger = this->ike_sa->get_logger(this->ike_sa);
        this->proposals = linked_list_create();
        this->sent_nonce = CHUNK_INITIALIZER;
        if (this->proposals == NULL)
index c61c137..c150eb6 100644 (file)
@@ -46,10 +46,9 @@ struct initiator_init_t {
         * 
         * @param this                  calling object
         * @param name                  name of the configuration
-        * @param new_state             new state if call succeeded
         * @return                              TODO
         */
-       status_t (*initiate_connection) (initiator_init_t *this, char *name, state_t **new_state);      
+       status_t (*initiate_connection) (initiator_init_t *this, char *name);   
 };
 
 /**
index d68bfc6..9c6067f 100644 (file)
@@ -142,7 +142,7 @@ struct private_responder_init_t {
 /**
  * Implements state_t.get_state
  */
-static status_t process_message(private_responder_init_t *this, message_t *message, state_t **new_state)
+static status_t process_message(private_responder_init_t *this, message_t *message)
 {
        iterator_t *payloads;
        host_t *source, *destination;
@@ -153,6 +153,9 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
        chunk_t shared_secret;
        exchange_type_t exchange_type;
        ike_sa_init_responded_t *next_state;
+       host_t *my_host;
+       host_t *other_host;
+       randomizer_t *randomizer;
 
        exchange_type = message->get_exchange_type(message);
        if (exchange_type != IKE_SA_INIT)
@@ -172,8 +175,23 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
        message->get_destination(message, &destination);
        
        /* we need to clone them, since we destroy the message later */
-       destination->clone(destination, &(this->ike_sa->me.host));
-       source->clone(source, &(this->ike_sa->other.host));
+       status = destination->clone(destination, &my_host);
+       if (status != SUCCESS)
+       {
+               this->logger->log(this->logger, ERROR, "Fatal error: could not clone my host informations");
+               return status;  
+       }
+       status = source->clone(source, &other_host);
+       if (status != SUCCESS)
+       {
+               this->logger->log(this->logger, ERROR, "Fatal error: could not clone other host informations");
+               my_host->destroy(my_host);
+               return status;  
+       }
+
+       
+       this->ike_sa->set_my_host(this->ike_sa, my_host);
+       this->ike_sa->set_other_host(this->ike_sa, other_host);
        
        /* parse incoming message */
        status = message->parse_body(message);
@@ -205,9 +223,10 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
                        {
                                sa_payload_t *sa_payload = (sa_payload_t*)payload;
                                iterator_t *suggested_proposals, *accepted_proposals;
-                               encryption_algorithm_t          encryption_algorithm = ENCR_UNDEFINED;
-                               pseudo_random_function_t                pseudo_random_function = PRF_UNDEFINED;
-                               integrity_algorithm_t           integrity_algorithm = AUTH_UNDEFINED;
+                               encryption_algorithm_t encryption_algorithm = ENCR_UNDEFINED;
+                               pseudo_random_function_t         pseudo_random_function = PRF_UNDEFINED;
+                               integrity_algorithm_t integrity_algorithm = AUTH_UNDEFINED;
+                               prf_t *prf;
 
                                status = this->proposals->create_iterator(this->proposals, &accepted_proposals, FALSE);
                                if (status != SUCCESS)
@@ -229,7 +248,7 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
                                
                                /* now let the configuration-manager select a subset of the proposals */
                                status = global_configuration_manager->select_proposals_for_host(global_configuration_manager,
-                                                                       this->ike_sa->other.host, suggested_proposals, accepted_proposals);
+                                                                       this->ike_sa->get_other_host(this->ike_sa), suggested_proposals, accepted_proposals);
                                if (status != SUCCESS)
                                {
                                        this->logger->log(this->logger, CONTROL | MORE, "No proposal of suggested proposals selected");
@@ -246,7 +265,7 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
                                /* now let the configuration-manager return the transforms for the given proposal*/
                                this->logger->log(this->logger, CONTROL | MOST, "Get transforms for accepted proposal");
                                status = global_configuration_manager->get_transforms_for_host_and_proposals(global_configuration_manager,
-                                                                       this->ike_sa->other.host, accepted_proposals, &encryption_algorithm,&pseudo_random_function,&integrity_algorithm);
+                                                                       this->ike_sa->get_other_host(this->ike_sa), accepted_proposals, &encryption_algorithm,&pseudo_random_function,&integrity_algorithm);
                                if (status != SUCCESS)
                                {
                                        this->logger->log(this->logger, ERROR | MORE, "Accepted proposals not supported?!");
@@ -256,13 +275,14 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
                                }
                                accepted_proposals->destroy(accepted_proposals);
                                
-                               this->ike_sa->prf = prf_create(pseudo_random_function);
-                               if (this->ike_sa->prf == NULL)
+                               prf = prf_create(pseudo_random_function);
+                               if (prf == NULL)
                                {
                                        this->logger->log(this->logger, ERROR | MORE, "PRF type not supported");
                                        payloads->destroy(payloads);
                                        return FAILED;
                                }
+                               this->ike_sa->set_prf(this->ike_sa,prf);
                                
                                this->logger->log(this->logger, CONTROL | MORE, "SA Payload processed");
                                /* ok, we have what we need for sa_payload (proposals are stored in this->proposals)*/
@@ -278,7 +298,7 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
                                group = ke_payload->get_dh_group_number(ke_payload);
                                
                                status = global_configuration_manager->is_dh_group_allowed_for_host(global_configuration_manager,
-                                                               this->ike_sa->other.host, group, &allowed_group);
+                                                               this->ike_sa->get_other_host(this->ike_sa), group, &allowed_group);
 
                                if (status != SUCCESS)
                                {
@@ -355,8 +375,11 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
        
        this->logger->log(this->logger, CONTROL | MORE, "Request successfully handled. Going to create reply.");
 
-       this->logger->log(this->logger, CONTROL | MOST, "Going to create nonce.");              
-       if (this->ike_sa->randomizer->allocate_pseudo_random_bytes(this->ike_sa->randomizer, NONCE_SIZE, &(this->sent_nonce)) != SUCCESS)
+       this->logger->log(this->logger, CONTROL | MOST, "Going to create nonce.");      
+       
+       randomizer = this->ike_sa->get_randomizer(this->ike_sa);
+       
+       if (randomizer->allocate_pseudo_random_bytes(randomizer, NONCE_SIZE, &(this->sent_nonce)) != SUCCESS)
        {
                this->logger->log(this->logger, ERROR, "Could not create nonce!");
                return OUT_OF_RES;
@@ -447,6 +470,7 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
        if (status != SUCCESS)
        {
                this->logger->log(this->logger, ERROR, "Could not add packet to send queue");
+               packet->destroy(packet);
                return status;
        }
 
@@ -462,19 +486,19 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
                return FAILED;
        }
        
-       if (    this->ike_sa->last_responded_message != NULL)
+       /* last message can now be set */
+       status = this->ike_sa->set_last_responded_message(this->ike_sa, response);
+
+       if (status != SUCCESS)
        {
-               /* destroy message */
-               this    ->logger->log(this->logger, CONTROL|MOST, "Destroy stored last responded message");
-               this->ike_sa->last_responded_message->destroy(this->ike_sa->last_responded_message);
+               this->logger->log(this->logger, ERROR, "Could not set last responded message");
+               response->destroy(response);
+               (next_state->state_interface).destroy(&(next_state->state_interface));
+               return status;
        }
-       this->ike_sa->last_responded_message     = response;
 
-       /* message counter can now be increased */
-       this    ->logger->log(this->logger, CONTROL|MOST, "Increate message counter for incoming messages");
-       this->ike_sa->message_id_in++;
-
-       *new_state = (state_t *) next_state;
+       /* state can now be changed */
+       this->ike_sa->set_new_state(this->ike_sa, (state_t *) next_state);
        /* state has NOW changed :-) */
        this    ->logger->log(this->logger, CONTROL|MORE, "Changed state of IKE_SA from %s to %s",mapping_find(ike_sa_state_m,RESPONDER_INIT),mapping_find(ike_sa_state_m,IKE_SA_INIT_RESPONDED) );
 
@@ -717,7 +741,7 @@ responder_init_t *responder_init_create(protected_ike_sa_t *ike_sa)
        }
 
        /* interface functions */
-       this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *,state_t **)) process_message;
+       this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *)) process_message;
        this->public.state_interface.get_state = (ike_sa_state_t (*) (state_t *)) get_state;
        this->public.state_interface.destroy  = (status_t (*) (state_t *)) destroy;
        
@@ -729,7 +753,7 @@ responder_init_t *responder_init_create(protected_ike_sa_t *ike_sa)
        
        /* private data */
        this->ike_sa = ike_sa;
-       this->logger = this->ike_sa->logger;
+       this->logger = this->ike_sa->get_logger(this->ike_sa);
        this->sent_nonce.ptr = NULL;
        this->sent_nonce.len = 0;
        this->received_nonce.ptr = NULL;
index e888eaf..7a8f843 100644 (file)
@@ -87,13 +87,11 @@ struct state_t {
         *
         * @param this                  state_t object
         * @param[in]                   message message_t object to process
-        * @param this                  state_t pointer to the new state_t object
         * @return                              
         *                                              - SUCCESSFUL if succeeded
         *                                              - FAILED otherwise
         */
-       status_t (*process_message) (state_t *this,message_t *message,state_t **new_state);
-
+       status_t (*process_message) (state_t *this,message_t *message);
 
        /**
         * @brief Get the current state