]> git.ipfire.org Git - people/ms/strongswan.git/blame - Source/charon/sa/states/ike_auth_requested.c
projects / people / ms / strongswan.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- reworked usage of IDs in various states
[people/ms/strongswan.git] / Source / charon / sa / states / ike_auth_requested.c
CommitLineData
c7dd2a7b
MW		 1/**
2 * @file ike_auth_requested.c
3 *
df3c59d0 4 * @brief Implementation of ike_auth_requested_t.
c7dd2a7b
MW		 5 *
6 */
7
8/*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
5113680f
MW		 22
23#include <string.h>
24
c7dd2a7b
MW		 25#include "ike_auth_requested.h"
26
ccf783d2 27#include <daemon.h>
ccf783d2
MW		 28#include <encoding/payloads/ts_payload.h>
29#include <encoding/payloads/sa_payload.h>
30#include <encoding/payloads/id_payload.h>
31#include <encoding/payloads/auth_payload.h>
94b0f906 32#include <encoding/payloads/notify_payload.h>
68621281
MW		 33#include <crypto/signers/signer.h>
34#include <crypto/crypters/crypter.h>
ccf783d2 35#include <sa/states/ike_sa_established.h>
0fdc3c7f 36#include <sa/authenticator.h>
aeda79ff 37#include <sa/child_sa.h>
5796aa16
MW		 38
39typedef struct private_ike_auth_requested_t private_ike_auth_requested_t;
40
c7dd2a7b
MW		 41/**
42 * Private data of a ike_auth_requested_t object.
43 *
44 */
5796aa16 45struct private_ike_auth_requested_t {
c7dd2a7b 46 /**
9affa65c 47 * Public interface of ike_auth_requested_t.
c7dd2a7b
MW		 48 */
49 ike_auth_requested_t public;
50
c7dd2a7b 51 /**
9affa65c 52 * Assigned IKE_SA.
c7dd2a7b
MW		 53 */
54 protected_ike_sa_t *ike_sa;
ccf783d2
MW		 55
56 /**
9affa65c 57 * SA config, just a copy of the one stored in the ike_sa.
ccf783d2 58 */
16b9a73c 59 policy_t *policy;
0fdc3c7f
JH		 60
61 /**
9affa65c 62 * Received nonce from responder.
0fdc3c7f
JH		 63 */
64 chunk_t received_nonce;
8d68033e
JH		 65
66 /**
67 * Sent nonce in IKE_SA_INIT request.
68 */
69 chunk_t sent_nonce;
70
71 /**
72 * IKE_SA_INIT-Request in binary form.
73 */
74 chunk_t ike_sa_init_reply_data;
30b5b412 75
a527a426
MW		 76 /**
77 * Proposal to setup CHILD_SA
78 */
79 proposal_t *proposal;
80
81 /**
82 * Traffic selectors applicable at our site
83 */
84 linked_list_t *my_ts;
85
86 /**
87 * Traffic selectors applicable at remote site
88 */
89 linked_list_t *other_ts;
90
30b5b412
MW		 91 /**
92 * Child sa created in ike_sa_init_requested
93 */
94 child_sa_t *child_sa;
ccf783d2
MW		 95
96 /**
9affa65c 97 * Assigned Logger.
ccf783d2
MW		 98 *
99 * Is logger of ike_sa!
100 */
101 logger_t *logger;
102
016dfc72 103 /**
9affa65c
JH		 104 * Process the IDr payload (check if other id is valid)
105 *
106 * @param this calling object
107 * @param idr_payload ID payload of responder
108 * @return
109 * - SUCCESS
110 * - DELETE_ME
016dfc72 111 */
ccf783d2 112 status_t (*process_idr_payload) (private_ike_auth_requested_t *this, id_payload_t *idr_payload);
016dfc72
MW		 113
114 /**
9affa65c
JH		 115 * Process the SA payload (check if selected proposals are valid, setup child sa)
116 *
117 * @param this calling object
118 * @param sa_payload SA payload of responder
119 *
120 * - SUCCESS
121 * - DELETE_ME
016dfc72 122 */
ccf783d2 123 status_t (*process_sa_payload) (private_ike_auth_requested_t *this, sa_payload_t *sa_payload);
016dfc72
MW		 124
125 /**
9affa65c
JH		 126 * Process the AUTH payload (check authenticity of message)
127 *
128 * @param this calling object
129 * @param auth_payload AUTH payload of responder
130 * @param other_id_payload ID payload of responder
131 *
132 * - SUCCESS
133 * - DELETE_ME
016dfc72 134 */
0fdc3c7f 135 status_t (*process_auth_payload) (private_ike_auth_requested_t *this, auth_payload_t *auth_payload, id_payload_t *other_id_payload);
016dfc72
MW		 136
137 /**
9affa65c
JH		 138 * Process the TS payload (check if selected traffic selectors are valid)
139 *
140 * @param this calling object
141 * @param ts_initiator TRUE if TS payload is TSi, FALSE for TSr
142 * @param ts_payload TS payload of responder
143 *
144 * - SUCCESS
145 * - DELETE_ME
016dfc72 146 */
ccf783d2 147 status_t (*process_ts_payload) (private_ike_auth_requested_t *this, bool ts_initiator, ts_payload_t *ts_payload);
283dbcc5
MW		 148
149 /**
150 * Process a notify payload
151 *
e9c0ca15
JH		 152 * @param this calling object
153 * @param notify_payload notify payload
283dbcc5
MW		 154 *
155 * - SUCCESS
e9c0ca15 156 * - FAILED
283dbcc5
MW		 157 * - DELETE_ME
158 */
159 status_t (*process_notify_payload) (private_ike_auth_requested_t *this, notify_payload_t *notify_payload);
30b5b412
MW		 160
161 /**
162 * Destroy function called internally of this class after state change to
163 * state IKE_SA_ESTABLISHED succeeded.
164 *
165 * This destroy function does not destroy objects which were passed to the new state.
166 *
167 * @param this calling object
168 */
169 void (*destroy_after_state_change) (private_ike_auth_requested_t *this);
c7dd2a7b
MW		 170};
171
ccf783d2 172
c7dd2a7b 173/**
ccf783d2
MW		 174 * Implements state_t.process_message
175 */
94b0f906 176static status_t process_message(private_ike_auth_requested_t *this, message_t *ike_auth_reply)
ccf783d2 177{
283dbcc5 178 ts_payload_t *tsi_payload = NULL, *tsr_payload = NULL;
ccb37df2 179 id_payload_t *idr_payload = NULL;
283dbcc5
MW		 180 auth_payload_t *auth_payload = NULL;
181 sa_payload_t *sa_payload = NULL;
182 iterator_t *payloads = NULL;
183 crypter_t *crypter = NULL;
184 signer_t *signer = NULL;
9affa65c 185 status_t status;
283dbcc5 186 host_t *my_host, *other_host;
a527a426
MW		 187 chunk_t seed;
188 prf_plus_t *prf_plus;
16b9a73c 189 connection_t *connection;
ccf783d2 190
9affa65c 191 if (ike_auth_reply->get_exchange_type(ike_auth_reply) != IKE_AUTH)
ccf783d2 192 {
aee3eb52 193 this->logger->log(this->logger, ERROR | LEVEL1, "Message of type %s not supported in state ike_auth_requested",
9affa65c 194 mapping_find(exchange_type_m,ike_auth_reply->get_exchange_type(ike_auth_reply)));
ccf783d2
MW		 195 return FAILED;
196 }
197
94b0f906 198 if (ike_auth_reply->get_request(ike_auth_reply))
ccf783d2 199 {
283dbcc5 200 this->logger->log(this->logger, ERROR | LEVEL1, "IKE_AUTH requests not allowed state ike_sa_init_responded");
ccf783d2
MW		 201 return FAILED;
202 }
203
204 /* get signer for verification and crypter for decryption */
205 signer = this->ike_sa->get_signer_responder(this->ike_sa);
206 crypter = this->ike_sa->get_crypter_responder(this->ike_sa);
207
208 /* parse incoming message */
94b0f906 209 status = ike_auth_reply->parse_body(ike_auth_reply, crypter, signer);
ccf783d2
MW		 210 if (status != SUCCESS)
211 {
e9c0ca15 212 this->logger->log(this->logger, AUDIT, "IKE_AUTH reply decryption failed. Ignoring message");
ccf783d2
MW		 213 return status;
214 }
215
16b9a73c 216 this->policy = this->ike_sa->get_policy(this->ike_sa);
ccf783d2 217
283dbcc5
MW		 218 /* we collect all payloads, which are processed later. Notify's are processed
219 * in place, since we don't know how may are there.
220 */
94b0f906 221 payloads = ike_auth_reply->get_payload_iterator(ike_auth_reply);
ccf783d2
MW		 222 while (payloads->has_next(payloads))
223 {
224 payload_t *payload;
225 payloads->current(payloads, (void**)&payload);
226
227 switch (payload->get_type(payload))
228 {
229 case AUTHENTICATION:
230 {
231 auth_payload = (auth_payload_t*)payload;
232 break;
233 }
234 case ID_RESPONDER:
235 {
236 idr_payload = (id_payload_t*)payload;
237 break;
238 }
239 case SECURITY_ASSOCIATION:
240 {
241 sa_payload = (sa_payload_t*)payload;
242 break;
243 }
ccf783d2
MW		 244 case TRAFFIC_SELECTOR_INITIATOR:
245 {
246 tsi_payload = (ts_payload_t*)payload;
247 break;
248 }
249 case TRAFFIC_SELECTOR_RESPONDER:
250 {
251 tsr_payload = (ts_payload_t*)payload;
252 break;
253 }
94b0f906
JH		 254 case NOTIFY:
255 {
256 notify_payload_t *notify_payload = (notify_payload_t *) payload;
283dbcc5
MW		 257 /* handle the notify directly, abort if no further processing required */
258 status = this->process_notify_payload(this, notify_payload);
259 if (status != SUCCESS)
94b0f906 260 {
94b0f906 261 payloads->destroy(payloads);
283dbcc5 262 return status;
94b0f906
JH		 263 }
264 }
283dbcc5
MW		 265 case CERTIFICATE:
266 {
267 /* TODO handle cert payloads */
268 }
ccf783d2
MW		 269 default:
270 {
283dbcc5
MW		 271 this->logger->log(this->logger, ERROR|LEVEL1, "Ignoring Payload %s (%d)",
272 mapping_find(payload_type_m, payload->get_type(payload)), payload->get_type(payload));
9affa65c 273 break;
ccf783d2
MW		 274 }
275 }
276 }
277 /* iterator can be destroyed */
278 payloads->destroy(payloads);
283dbcc5
MW		 279
280 /* check if we have all payloads */
281 if (!(idr_payload && sa_payload && auth_payload && tsi_payload && tsr_payload))
282 {
283 this->logger->log(this->logger, AUDIT, "IKE_AUTH reply did not contain all required payloads. Deleting IKE_SA");
284 return DELETE_ME;
285 }
ccb37df2 286
016dfc72 287 /* process all payloads */
ccf783d2
MW		 288 status = this->process_idr_payload(this, idr_payload);
289 if (status != SUCCESS)
290 {
ccf783d2
MW		 291 return status;
292 }
fb8aa445 293 status = this->process_auth_payload(this, auth_payload,idr_payload);
ccf783d2
MW		 294 if (status != SUCCESS)
295 {
ccf783d2
MW		 296 return status;
297 }
fb8aa445 298 status = this->process_sa_payload(this, sa_payload);
ccf783d2
MW		 299 if (status != SUCCESS)
300 {
ccf783d2
MW		 301 return status;
302 }
303 status = this->process_ts_payload(this, TRUE, tsi_payload);
304 if (status != SUCCESS)
305 {
ccf783d2
MW		 306 return status;
307 }
308 status = this->process_ts_payload(this, FALSE, tsr_payload);
309 if (status != SUCCESS)
310 {
ccf783d2
MW		 311 return status;
312 }
a527a426
MW		 313
314 /* install child SAs for AH and esp */
315 if (!this->child_sa)
316 {
317 this->logger->log(this->logger, CONTROL, "No CHILD_SA requested, no CHILD_SA built");
318 }
319 if (!this->proposal)
320 {
321 this->logger->log(this->logger, CONTROL, "Proposal negotiation failed, no CHILD_SA built");
5d187bd2
MW		 322 this->child_sa->destroy(this->child_sa);
323 this->child_sa = NULL;
a527a426
MW		 324 }
325 else if (this->my_ts->get_count(this->my_ts) == 0 || this->other_ts->get_count(this->other_ts) == 0)
326 {
327 this->logger->log(this->logger, CONTROL, "Traffic selector negotiation failed, no CHILD_SA built");
5d187bd2
MW		 328 this->child_sa->destroy(this->child_sa);
329 this->child_sa = NULL;
a527a426
MW		 330 }
331 else
332 {
5113680f 333 seed = chunk_alloc(this->sent_nonce.len + this->received_nonce.len);
a527a426
MW		 334 memcpy(seed.ptr, this->sent_nonce.ptr, this->sent_nonce.len);
335 memcpy(seed.ptr + this->sent_nonce.len, this->received_nonce.ptr, this->received_nonce.len);
336 prf_plus = prf_plus_create(this->ike_sa->get_child_prf(this->ike_sa), seed);
5113680f 337 chunk_free(&seed);
a527a426
MW		 338
339 status = this->child_sa->update(this->child_sa, this->proposal, prf_plus);
340 prf_plus->destroy(prf_plus);
341 if (status != SUCCESS)
342 {
343 this->logger->log(this->logger, AUDIT, "Could not install CHILD_SA! Deleting IKE_SA");
344 return DELETE_ME;
345 }
5d187bd2 346 status = this->child_sa->add_policies(this->child_sa, this->my_ts, this->other_ts);
a527a426
MW		 347 if (status != SUCCESS)
348 {
349 this->logger->log(this->logger, AUDIT, "Could not install CHILD_SA policy! Deleting IKE_SA");
350 return DELETE_ME;
351 }
352 this->ike_sa->add_child_sa(this->ike_sa, this->child_sa);
353 }
354
94b0f906 355 this->ike_sa->set_last_replied_message_id(this->ike_sa,ike_auth_reply->get_message_id(ike_auth_reply));
87a217f9 356
ccf783d2 357 /* create new state */
87a217f9
MW		 358 this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa));
359 this->destroy_after_state_change(this);
360
16b9a73c
MW		 361 connection = this->ike_sa->get_connection(this->ike_sa);
362 my_host = connection->get_my_host(connection);
363 other_host = connection->get_other_host(connection);
87a217f9
MW		 364 this->logger->log(this->logger, AUDIT, "IKE_SA established between %s - %s",
365 my_host->get_address(my_host), other_host->get_address(other_host));
366
ccf783d2
MW		 367 return SUCCESS;
368}
369
370/**
016dfc72 371 * Implements private_ike_auth_requested_t.process_idr_payload
c7dd2a7b 372 */
ccf783d2 373static status_t process_idr_payload(private_ike_auth_requested_t *this, id_payload_t *idr_payload)
c7dd2a7b 374{
ccf783d2 375 identification_t *other_id, *configured_other_id;
eea35346 376 connection_t *connection;
ccf783d2 377
01de2f3c 378 other_id = idr_payload->get_identification(idr_payload);
16b9a73c 379 configured_other_id = this->policy->get_other_id(this->policy);
eea35346
MW		 380
381 this->logger->log(this->logger, CONTROL|LEVEL1, "configured ID: %s, ID of responder: %s",
382 configured_other_id->get_string(configured_other_id),
383 other_id->get_string(other_id));
384
385 if (!other_id->belongs_to(other_id, configured_other_id))
ccf783d2 386 {
eea35346
MW		 387 other_id->destroy(other_id);
388 this->logger->log(this->logger, AUDIT, "IKE_AUTH reply contained a not acceptable ID. Deleting IKE_SA");
389 return DELETE_ME;
ccf783d2 390 }
01de2f3c 391
eea35346
MW		 392 connection = this->ike_sa->get_connection(this->ike_sa);
393 connection->update_other_id(connection, other_id->clone(other_id));
394
395 this->policy->update_other_id(this->policy, other_id);
ccf783d2
MW		 396 return SUCCESS;
397}
398
399/**
016dfc72 400 * Implements private_ike_auth_requested_t.process_sa_payload
ccf783d2
MW		 401 */
402static status_t process_sa_payload(private_ike_auth_requested_t *this, sa_payload_t *sa_payload)
403{
ce461bbd 404 proposal_t *proposal, *proposal_tmp;
c06dbbab 405 linked_list_t *proposal_list;
93df94ac 406
dfa6e086 407 /* get his selected proposal */
ce461bbd 408 proposal_list = sa_payload->get_proposals(sa_payload);
c06dbbab
MW		 409 /* check count of proposals */
410 if (proposal_list->get_count(proposal_list) == 0)
ccf783d2 411 {
dfa6e086 412 /* no proposal? we accept this, but no child sa is built */
c06dbbab
MW		 413 this->logger->log(this->logger, AUDIT, "IKE_AUTH reply's SA_PAYLOAD didn't contain any proposals. No CHILD_SA created",
414 proposal_list->get_count(proposal_list));
dfa6e086 415 proposal_list->destroy(proposal_list);
283dbcc5 416 return SUCCESS;
ccf783d2 417 }
c06dbbab 418 if (proposal_list->get_count(proposal_list) > 1)
ccf783d2 419 {
c06dbbab
MW		 420 this->logger->log(this->logger, AUDIT, "IKE_AUTH reply's SA_PAYLOAD contained %d proposal. Deleting IKE_SA",
421 proposal_list->get_count(proposal_list));
dfa6e086
MW		 422 while (proposal_list->remove_last(proposal_list, (void**)&proposal) == SUCCESS)
423 {
424 proposal->destroy(proposal);
425 }
426 proposal_list->destroy(proposal_list);
9affa65c 427 return DELETE_ME;
ccf783d2
MW		 428 }
429
c06dbbab 430 /* we have to re-check here if other's selection is valid */
16b9a73c 431 proposal = this->policy->select_proposal(this->policy, proposal_list);
dfa6e086
MW		 432 /* list not needed anymore */
433 while (proposal_list->remove_last(proposal_list, (void**)&proposal_tmp) == SUCCESS)
434 {
435 proposal_tmp->destroy(proposal_tmp);
436 }
437 proposal_list->destroy(proposal_list);
438 /* got a match? */
c06dbbab 439 if (proposal == NULL)
ccf783d2 440 {
283dbcc5 441 this->logger->log(this->logger, AUDIT, "IKE_AUTH reply contained a not offered proposal. Deleting IKE_SA");
9affa65c 442 return DELETE_ME;
ccf783d2 443 }
aeda79ff 444
a527a426
MW		 445 /* apply proposal */
446 this->proposal = proposal;
dfa6e086 447
c7dd2a7b
MW		 448 return SUCCESS;
449}
450
ccf783d2 451/**
016dfc72 452 * Implements private_ike_auth_requested_t.process_auth_payload
ccf783d2 453 */
0fdc3c7f 454static status_t process_auth_payload(private_ike_auth_requested_t *this, auth_payload_t *auth_payload, id_payload_t *other_id_payload)
ccf783d2 455{
0fdc3c7f 456 authenticator_t *authenticator;
8d68033e 457 status_t status;
8d68033e 458
0fdc3c7f 459 authenticator = authenticator_create(this->ike_sa);
f6ba78c3 460 status = authenticator->verify_auth_data(authenticator,auth_payload,this->ike_sa_init_reply_data,this->sent_nonce,other_id_payload,FALSE);
0fdc3c7f 461 authenticator->destroy(authenticator);
8d68033e
JH		 462 if (status != SUCCESS)
463 {
283dbcc5 464 this->logger->log(this->logger, AUDIT, "Verification of IKE_AUTH reply failed. Deleting IKE_SA");
9affa65c 465 return DELETE_ME;
8d68033e
JH		 466 }
467
283dbcc5 468 this->logger->log(this->logger, CONTROL|LEVEL1, "AUTH data verified successfully");
ccf783d2
MW		 469 return SUCCESS;
470}
471
472/**
016dfc72 473 * Implements private_ike_auth_requested_t.process_ts_payload
ccf783d2
MW		 474 */
475static status_t process_ts_payload(private_ike_auth_requested_t *this, bool ts_initiator, ts_payload_t *ts_payload)
476{
a527a426
MW		 477 linked_list_t *ts_received, *ts_selected;
478 traffic_selector_t *ts;
ccf783d2
MW		 479
480 /* get ts form payload */
a527a426 481 ts_received = ts_payload->get_traffic_selectors(ts_payload);
ccf783d2
MW		 482 /* select ts depending on payload type */
483 if (ts_initiator)
484 {
16b9a73c 485 ts_selected = this->policy->select_my_traffic_selectors(this->policy, ts_received);
a527a426 486 this->my_ts = ts_selected;
ccf783d2
MW		 487 }
488 else
489 {
16b9a73c 490 ts_selected = this->policy->select_other_traffic_selectors(this->policy, ts_received);
a527a426 491 this->other_ts = ts_selected;
ccf783d2
MW		 492 }
493 /* check if the responder selected valid proposals */
a527a426 494 if (ts_selected->get_count(ts_selected) != ts_received->get_count(ts_received))
ccf783d2 495 {
f4d8999c 496 this->logger->log(this->logger, AUDIT, "IKE_AUTH reply contained not offered traffic selectors.");
ccf783d2
MW		 497 }
498
499 /* cleanup */
a527a426 500 while (ts_received->remove_last(ts_received, (void**)&ts) == SUCCESS)
ccf783d2 501 {
ccf783d2
MW		 502 ts->destroy(ts);
503 }
a527a426
MW		 504 ts_received->destroy(ts_received);
505
506 return SUCCESS;
ccf783d2 507}
283dbcc5
MW		 508
509/**
510 * Implements private_ike_auth_requested_t.process_notify_payload
511 */
512static status_t process_notify_payload(private_ike_auth_requested_t *this, notify_payload_t *notify_payload)
513{
514 notify_message_type_t notify_message_type = notify_payload->get_notify_message_type(notify_payload);
515
dec59822
MW		 516 this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s",
517 mapping_find(notify_message_type_m, notify_message_type));
283dbcc5
MW		 518
519 switch (notify_message_type)
520 {
521 case INVALID_SYNTAX:
522 {
523 this->logger->log(this->logger, AUDIT, "IKE_AUTH reply contained an INVALID_SYNTAX notify. Deleting IKE_SA");
524 return DELETE_ME;
525
526 }
527 case AUTHENTICATION_FAILED:
528 {
529 this->logger->log(this->logger, AUDIT, "IKE_AUTH reply contained an AUTHENTICATION_FAILED notify. Deleting IKE_SA");
530 return DELETE_ME;
531
532 }
533 case SINGLE_PAIR_REQUIRED:
534 {
535 this->logger->log(this->logger, AUDIT, "IKE_AUTH reply contained a SINGLE_PAIR_REQUIRED notify. Deleting IKE_SA");
536 return DELETE_ME;
537 }
538 default:
539 {
540 /*
541 * - In case of unknown error: IKE_SA gets destroyed.
542 * - In case of unknown status: logging
543 */
544
545 if (notify_message_type < 16383)
546 {
547 this->logger->log(this->logger, AUDIT, "IKE_AUTH reply contained an unknown notify error (%d). Deleting IKE_SA",
548 notify_message_type);
549 return DELETE_ME;
550
551 }
552 else
553 {
5346c894
MW		 554 this->logger->log(this->logger, CONTROL, "IKE_AUTH reply contained an unknown notify (%d), ignored.",
555 notify_message_type);
283dbcc5
MW		 556 return SUCCESS;
557 }
558 }
559 }
560}
561
c7dd2a7b
MW		 562/**
563 * Implements state_t.get_state
564 */
565static ike_sa_state_t get_state(private_ike_auth_requested_t *this)
566{
567 return IKE_AUTH_REQUESTED;
568}
569
570/**
571 * Implements state_t.get_state
572 */
d048df5c 573static void destroy(private_ike_auth_requested_t *this)
30b5b412 574{
5113680f
MW		 575 chunk_free(&(this->received_nonce));
576 chunk_free(&(this->sent_nonce));
577 chunk_free(&(this->ike_sa_init_reply_data));
30b5b412
MW		 578 if (this->child_sa)
579 {
580 this->child_sa->destroy(this->child_sa);
581 }
a527a426
MW		 582 if (this->my_ts)
583 {
584 traffic_selector_t *ts;
585 while (this->my_ts->remove_last(this->my_ts, (void**)&ts) == SUCCESS)
586 {
587 ts->destroy(ts);
588 }
589 this->my_ts->destroy(this->my_ts);
590 }
591 if (this->other_ts)
592 {
593 traffic_selector_t *ts;
594 while (this->other_ts->remove_last(this->other_ts, (void**)&ts) == SUCCESS)
595 {
596 ts->destroy(ts);
597 }
598 this->other_ts->destroy(this->other_ts);
599 }
600 if (this->proposal)
601 {
602 this->proposal->destroy(this->proposal);
603 }
5113680f 604 free(this);
30b5b412
MW		 605}
606/**
607 * Implements protected_ike_sa_t.destroy_after_state_change
608 */
609static void destroy_after_state_change(private_ike_auth_requested_t *this)
c7dd2a7b 610{
5113680f
MW		 611 chunk_free(&(this->received_nonce));
612 chunk_free(&(this->sent_nonce));
613 chunk_free(&(this->ike_sa_init_reply_data));
a527a426
MW		 614 if (this->my_ts)
615 {
616 traffic_selector_t *ts;
617 while (this->my_ts->remove_last(this->my_ts, (void**)&ts) == SUCCESS)
618 {
619 ts->destroy(ts);
620 }
621 this->my_ts->destroy(this->my_ts);
622 }
623 if (this->other_ts)
624 {
625 traffic_selector_t *ts;
626 while (this->other_ts->remove_last(this->other_ts, (void**)&ts) == SUCCESS)
627 {
628 ts->destroy(ts);
629 }
630 this->other_ts->destroy(this->other_ts);
631 }
632 if (this->proposal)
633 {
634 this->proposal->destroy(this->proposal);
635 }
5113680f 636 free(this);
c7dd2a7b
MW		 637}
638
639/*
640 * Described in header.
641 */
30b5b412 642ike_auth_requested_t *ike_auth_requested_create(protected_ike_sa_t *ike_sa,chunk_t sent_nonce,chunk_t received_nonce,chunk_t ike_sa_init_reply_data, child_sa_t *child_sa)
c7dd2a7b 643{
5113680f 644 private_ike_auth_requested_t *this = malloc_thing(private_ike_auth_requested_t);
c7dd2a7b
MW		 645
646 /* interface functions */
aad398a7 647 this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *)) process_message;
c7dd2a7b 648 this->public.state_interface.get_state = (ike_sa_state_t (*) (state_t *)) get_state;
d048df5c 649 this->public.state_interface.destroy = (void (*) (state_t *)) destroy;
c7dd2a7b 650
ccf783d2 651 /* private functions */
ccf783d2
MW		 652 this->process_idr_payload = process_idr_payload;
653 this->process_sa_payload = process_sa_payload;
654 this->process_auth_payload = process_auth_payload;
655 this->process_ts_payload = process_ts_payload;
283dbcc5 656 this->process_notify_payload = process_notify_payload;
30b5b412 657 this->destroy_after_state_change = destroy_after_state_change;
ccf783d2 658
c7dd2a7b
MW		 659 /* private data */
660 this->ike_sa = ike_sa;
0fdc3c7f 661 this->received_nonce = received_nonce;
8d68033e
JH		 662 this->sent_nonce = sent_nonce;
663 this->ike_sa_init_reply_data = ike_sa_init_reply_data;
5113680f 664 this->logger = logger_manager->get_logger(logger_manager, IKE_SA);
a527a426
MW		 665 this->my_ts = NULL;
666 this->other_ts = NULL;
667 this->proposal = NULL;
30b5b412 668 this->child_sa = child_sa;
c7dd2a7b
MW		 669
670 return &(this->public);
671}
Michael's strongswan development tree