- state ike_auth_requested
authorMartin Willi <martin@strongswan.org>
Fri, 2 Dec 2005 13:45:47 +0000 (13:45 -0000)
committerMartin Willi <martin@strongswan.org>
Fri, 2 Dec 2005 13:45:47 +0000 (13:45 -0000)
- establishing of an IKE_SA now works in both directions

Source/charon/encoding/message.c
Source/charon/sa/ike_sa.c
Source/charon/sa/states/ike_auth_requested.c
Source/charon/sa/states/ike_auth_requested.h
Source/charon/sa/states/ike_sa_init_requested.c
Source/charon/sa/states/ike_sa_init_responded.c
Source/charon/testcases/testcases.c

index 84f1743..b9f34e5 100644 (file)
@@ -821,7 +821,6 @@ static status_t verify(private_message_t *this)
                }
        }
        iterator->destroy(iterator);
-       
        return SUCCESS;
 }
 
index 46807de..a974ce3 100644 (file)
@@ -458,7 +458,7 @@ static status_t create_delete_job(private_ike_sa_t *this)
  */
 static void set_new_state (private_ike_sa_t *this, state_t *state)
 {
-       this->logger->log(this->logger, ERROR, "Change current state %s to %s",mapping_find(ike_sa_state_m,this->current_state->get_state(this->current_state)),mapping_find(ike_sa_state_m,state->get_state(state)));
+       this->logger->log(this->logger, CONTROL, "Change current state %s to %s",mapping_find(ike_sa_state_m,this->current_state->get_state(this->current_state)),mapping_find(ike_sa_state_m,state->get_state(state)));
        this->current_state = state;
 }
 
@@ -628,9 +628,6 @@ static signer_t *get_signer_initiator (private_ike_sa_t *this)
 }
 
 /**
-<<<<<<< .mine
- * Implementation of protected_ike_sa_t.send_request.
-=======
  * Implementation of protected_ike_sa_t.get_crypter_responder.
  */
 static crypter_t *get_crypter_responder(private_ike_sa_t *this)
@@ -646,10 +643,8 @@ static signer_t *get_signer_responder (private_ike_sa_t *this)
        return this->signer_responder;
 }
 
-
 /**
- * Implementation of protected_ike_sa_t.set_last_requested_message.
->>>>>>> .r660
+ * Implementation of protected_ike_sa_t.send_request.
  */
 static status_t send_request (private_ike_sa_t *this,message_t * message)
 {
@@ -704,7 +699,7 @@ static status_t send_response (private_ike_sa_t *this,message_t * message)
                return FAILED;  
        }
        
-       status = message->generate(message, this->crypter_initiator,this->signer_initiator, &packet);
+       status = message->generate(message, this->crypter_responder,this->signer_responder, &packet);
        if (status != SUCCESS)
        {
                this->logger->log(this->logger, ERROR, "Could not generate packet from message");
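Review bot: Picking the key set by message kind in `send_response` is only correct while this side is the original responder. In IKEv2 the choice between the initiator and responder keys follows who initiated the IKE_SA, not who sent the request, so an original initiator answering a peer-initiated exchange would protect its reply with the wrong keys. Consider deriving `crypter`/`signer` from the SA's original-initiator role in one helper shared by `send_request` and `send_response`; whether such a role flag exists is not visible here. At minimum, document the assumption with `/* responder keys: only valid while we are the original responder */`. The body of `send_response` starts and ends outside this hunk.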
index eb4ccae..82d7ca9 100644 (file)
@@ -45,16 +45,6 @@ struct private_ike_auth_requested_t {
        ike_auth_requested_t public;
        
        /**
-        * Sent nonce value
-        */
-       chunk_t sent_nonce;
-       
-       /**
-        * Received nonce
-        */
-       chunk_t received_nonce;
-       
-       /**
         * Assigned IKE_SA
         */
         protected_ike_sa_t *ike_sa;
@@ -89,13 +79,11 @@ static status_t process_message(private_ike_auth_requested_t *this, message_t *r
        crypter_t *crypter;
        iterator_t *payloads;
        exchange_type_t exchange_type;
-       id_payload_t *idr_payload;
+       id_payload_t *idr_payload = NULL;
        auth_payload_t *auth_payload;
        sa_payload_t *sa_payload;
        ts_payload_t *tsi_payload, *tsr_payload;
        
-       return SUCCESS;
-
        exchange_type = request->get_exchange_type(request);
        if (exchange_type != IKE_AUTH)
        {
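Review bot: Only `idr_payload` gets a NULL initialiser; `auth_payload`, `sa_payload`, `tsi_payload` and `tsr_payload` stay uninitialised, and with the early `return SUCCESS;` removed this function now runs on peer-supplied messages. If the payload loop (outside this hunk) assigns these pointers only for payloads that are actually present, a reply missing one of them would pass an indeterminate pointer to the later processing calls. Initialise them the same way, e.g. `auth_payload_t *auth_payload = NULL;`, and return FAILED after the loop when a mandatory payload is still NULL. The rest of `process_message` lies outside this hunk.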
@@ -172,8 +160,7 @@ static status_t process_message(private_ike_auth_requested_t *this, message_t *r
        }
        /* iterator can be destroyed */
        payloads->destroy(payloads);
-       
-       
+
        /* add payloads to it */
        status = this->process_idr_payload(this, idr_payload);
        if (status != SUCCESS)
@@ -211,6 +198,7 @@ static status_t process_message(private_ike_auth_requested_t *this, message_t *r
        /* create new state */
        this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa));
 
+       this->public.state_interface.destroy(&(this->public.state_interface));
        return SUCCESS;
 }
 
@@ -221,19 +209,24 @@ static status_t process_idr_payload(private_ike_auth_requested_t *this, id_paylo
 {
        identification_t *other_id, *configured_other_id;
        
-       other_id = idr_payload->get_identification(idr_payload);
-
-       configured_other_id = this->sa_config->get_other_id(this->sa_config);
-       if (configured_other_id)
+       /* idr is optional */
+       if (idr_payload)
        {
-               if (!other_id->equals(other_id, configured_other_id))
+               other_id = idr_payload->get_identification(idr_payload);
+       
+               configured_other_id = this->sa_config->get_other_id(this->sa_config);
+               if (configured_other_id)
                {
-                       this->logger->log(this->logger, ERROR, "IKE_AUTH reply didn't contain requested id");
-                       return FAILED;  
+                       if (!other_id->equals(other_id, configured_other_id))
+                       {
+                               this->logger->log(this->logger, ERROR, "IKE_AUTH reply didn't contain requested id");
+                               return FAILED;  
+                       }
                }
+               
+               other_id->destroy(other_id);
+               /* TODO do we have to store other_id  somewhere ? */
        }
-       
-       /* TODO do we have to store other_id  somewhere ? */    
        return SUCCESS;
 }
 
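Review bot: When `idr_payload` is NULL, `process_idr_payload` returns SUCCESS without consulting `configured_other_id`, so a reply that omits IDr passes even when a specific peer identity is configured. The check should fail closed in that case. Separately, the mismatch branch returns FAILED before `other_id->destroy(other_id)`, which leaks the object if `get_identification` returns an owned copy (the added destroy call suggests it does). The rewrite below fetches the configured identity first, rejects a missing IDr when one is required, and releases `other_id` on both paths.

```c
static status_t process_idr_payload(private_ike_auth_requested_t *this, id_payload_t *idr_payload)
{
	identification_t *other_id, *configured_other_id;
	bool id_matches;

	configured_other_id = this->sa_config->get_other_id(this->sa_config);
	if (idr_payload == NULL)
	{
		/* without an IDr the configured peer identity cannot be verified */
		if (configured_other_id)
		{
			this->logger->log(this->logger, ERROR, "IKE_AUTH reply didn't contain requested id");
			return FAILED;
		}
		return SUCCESS;
	}

	other_id = idr_payload->get_identification(idr_payload);
	id_matches = !configured_other_id || other_id->equals(other_id, configured_other_id);
	/* release the identification on the success and the failure path */
	other_id->destroy(other_id);
	if (!id_matches)
	{
		this->logger->log(this->logger, ERROR, "IKE_AUTH reply didn't contain requested id");
		return FAILED;
	}
	return SUCCESS;
}
```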
@@ -345,15 +338,13 @@ static ike_sa_state_t get_state(private_ike_auth_requested_t *this)
  */
 static void destroy(private_ike_auth_requested_t *this)
 {
-       allocator_free(this->sent_nonce.ptr);
-       allocator_free(this->received_nonce.ptr);
        allocator_free(this);
 }
 
 /* 
  * Described in header.
  */
-ike_auth_requested_t *ike_auth_requested_create(protected_ike_sa_t *ike_sa, chunk_t sent_nonce, chunk_t received_nonce)
+ike_auth_requested_t *ike_auth_requested_create(protected_ike_sa_t *ike_sa)
 {
        private_ike_auth_requested_t *this = allocator_alloc_thing(private_ike_auth_requested_t);
 
@@ -371,9 +362,7 @@ ike_auth_requested_t *ike_auth_requested_create(protected_ike_sa_t *ike_sa, chun
        
        /* private data */
        this->ike_sa = ike_sa;
-       this->sent_nonce = sent_nonce;
-       this->received_nonce = received_nonce;
-       
+       this->logger = this->ike_sa->get_logger(this->ike_sa);
        
        return &(this->public);
 }
index 0c502c3..5b35126 100644 (file)
@@ -52,6 +52,6 @@ struct ike_auth_requested_t {
  * 
  * @ingroup states
  */
-ike_auth_requested_t *ike_auth_requested_create(protected_ike_sa_t *ike_sa, chunk_t sent_nonce, chunk_t received_nonce);
+ike_auth_requested_t *ike_auth_requested_create(protected_ike_sa_t *ike_sa);
 
 #endif /*IKE_AUTH_REQUESTED_H_*/
index 62fa172..b5ebd12 100644 (file)
@@ -394,7 +394,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
 
        /* state can now be changed */
        this->logger->log(this->logger, CONTROL|MOST, "Create next state object");
-       next_state = ike_auth_requested_create(this->ike_sa,this->sent_nonce,this->received_nonce);
+       next_state = ike_auth_requested_create(this->ike_sa);
 
        /* state can now be changed */ 
        this->ike_sa->set_new_state(this->ike_sa,(state_t *) next_state);
@@ -517,9 +517,14 @@ static void build_tsi_payload (private_ike_sa_init_requested_t *this, payload_t
        
        sa_config = this->ike_sa->get_sa_config(this->ike_sa);
        traffic_selectors_count = sa_config->get_traffic_selectors_initiator(sa_config,&traffic_selectors);
-       printf("traffic_selectors: %d\n", traffic_selectors_count);
        ts_payload = ts_payload_create_from_traffic_selectors(TRUE,traffic_selectors, traffic_selectors_count);
        
+       /* cleanup traffic selectors */
+       while(traffic_selectors_count--) 
+       {
+               traffic_selector_t *ts = *traffic_selectors + traffic_selectors_count;
+               ts->destroy(ts);
+       }       
        allocator_free(traffic_selectors);
 
        *payload = (payload_t *) ts_payload;
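Review bot: `*traffic_selectors + traffic_selectors_count` parses as `(*traffic_selectors) + count`, which is pointer arithmetic on the first selector rather than an index into the array. The declaration is outside the hunk, but the `&traffic_selectors` out-parameter and the assignment to `traffic_selector_t *ts` suggest `traffic_selectors` is a `traffic_selector_t **`. If so, every iteration except index 0 calls `destroy` through memory that is not a selector object. Use `traffic_selector_t *ts = traffic_selectors[traffic_selectors_count];`; the same line needs the same fix in the `build_tsr_payload` hunk that follows. A configuration with a single selector would hide this, so a test with two or more selectors is worth adding.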
@@ -538,6 +543,13 @@ static void build_tsr_payload (private_ike_sa_init_requested_t *this, payload_t
        sa_config = this->ike_sa->get_sa_config(this->ike_sa);
        traffic_selectors_count = sa_config->get_traffic_selectors_responder(sa_config,&traffic_selectors);
        ts_payload = ts_payload_create_from_traffic_selectors(FALSE,traffic_selectors, traffic_selectors_count);
+       
+       /* cleanup traffic selectors */
+       while(traffic_selectors_count--) 
+       {
+               traffic_selector_t *ts = *traffic_selectors + traffic_selectors_count;
+               ts->destroy(ts);
+       }       
        allocator_free(traffic_selectors);
 
        *payload = (payload_t *) ts_payload;
@@ -561,6 +573,10 @@ static void destroy_after_state_change (private_ike_sa_init_requested_t *this)
        
        this->logger->log(this->logger, CONTROL | MOST, "Destroy diffie hellman object");
        this->diffie_hellman->destroy(this->diffie_hellman);
+       this->logger->log(this->logger, CONTROL | MOST, "Destroy sent nonce");  
+       allocator_free(this->sent_nonce.ptr);
+       this->logger->log(this->logger, CONTROL | MOST, "Destroy received nonce");
+       allocator_free(this->received_nonce.ptr);
        this->logger->log(this->logger, CONTROL | MOST, "Destroy shared secret (secrets allready derived)");
        allocator_free_chunk(&(this->shared_secret));
        this->logger->log(this->logger, CONTROL | MOST, "Destroy object itself");
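Review bot: The two nonces are released with `allocator_free(this->sent_nonce.ptr)`, while the shared secret a few lines below uses `allocator_free_chunk(&(this->shared_secret))`. Using the chunk helper for all three would keep the cleanup consistent: `allocator_free_chunk(&(this->sent_nonce));` and `allocator_free_chunk(&(this->received_nonce));`. Because this commit moves nonce ownership out of ike_auth_requested, it is also worth confirming that this state's regular `destroy` (not visible here) frees them exactly once on the failure path. The body of `destroy_after_state_change` starts and ends outside this hunk.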
index f97bae8..ddc9c40 100644 (file)
@@ -346,7 +346,7 @@ static status_t build_ts_payload(private_ike_sa_init_responded_t *this, bool ts_
        size_t ts_received_count, ts_selected_count;
        status_t status = SUCCESS;
        ts_payload_t *ts_response;
-       
+
        /* build a reply payload with selected traffic selectors */
        ts_received_count = request->get_traffic_selectors(request, &ts_received);
        /* select ts depending on payload type */
index 53e81f9..28eea6e 100644 (file)
@@ -214,8 +214,8 @@ int main()
        tester_t *tester = tester_create(test_output, FALSE);
        
 
-//     tester->perform_tests(tester,all_tests);
-       tester->perform_test(tester,&sa_config_test); 
+       tester->perform_tests(tester,all_tests);
+//     tester->perform_test(tester,&sa_config_test); 
        
        
        tester->destroy(tester);