]> git.ipfire.org Git - people/ms/strongswan.git/blob - src/charon/sa/states/ike_sa_init_requested.c
projects / people / ms / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
(no commit message)
[people/ms/strongswan.git] / src / charon / sa / states / ike_sa_init_requested.c
1 /**
2 * @file ike_sa_init_requested.c
3 *
4 * @brief Implementation of ike_sa_init_requested_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #include "ike_sa_init_requested.h"
24
25 #include <daemon.h>
26 #include <encoding/payloads/sa_payload.h>
27 #include <encoding/payloads/ke_payload.h>
28 #include <encoding/payloads/nonce_payload.h>
29 #include <encoding/payloads/notify_payload.h>
30 #include <encoding/payloads/id_payload.h>
31 #include <encoding/payloads/auth_payload.h>
32 #include <encoding/payloads/ts_payload.h>
33 #include <crypto/diffie_hellman.h>
34 #include <sa/states/ike_auth_requested.h>
35 #include <sa/states/initiator_init.h>
36 #include <sa/authenticator.h>
37
38
39 typedef struct private_ike_sa_init_requested_t private_ike_sa_init_requested_t;
40
41 /**
42 * Private data of a ike_sa_init_requested_t object.
43 *
44 */
45 struct private_ike_sa_init_requested_t {
46 /**
47 * Public interface of an ike_sa_init_requested_t object.
48 */
49 ike_sa_init_requested_t public;
50
51 /**
52 * Assigned IKE_SA
53 */
54 protected_ike_sa_t *ike_sa;
55
56 /**
57 * Diffie Hellman object used to compute shared secret.
58 */
59 diffie_hellman_t *diffie_hellman;
60
61 /**
62 * Sent nonce value.
63 */
64 chunk_t sent_nonce;
65
66 /**
67 * Received nonce
68 */
69 chunk_t received_nonce;
70
71 /**
72 * Selected proposal
73 */
74 proposal_t *proposal;
75
76 /**
77 * Packet data of ike_sa_init request
78 */
79 chunk_t ike_sa_init_request_data;
80
81 /**
82 * Created child sa, if any
83 */
84 child_sa_t *child_sa;
85
86 /**
87 * Assigned logger
88 *
89 * Is logger of ike_sa!
90 */
91 logger_t *logger;
92
93
94 /**
95 * Process NONCE payload of IKE_SA_INIT response.
96 *
97 * @param this calling object
98 * @param nonce_payload NONCE payload to process
99 * @return SUCCESS in any case
100 */
101 status_t (*process_nonce_payload) (private_ike_sa_init_requested_t *this, nonce_payload_t *nonce_payload);
102
103 /**
104 * Process SA payload of IKE_SA_INIT response.
105 *
106 * @param this calling object
107 * @param sa_payload SA payload to process
108 * @return
109 * - SUCCESS
110 * - FAILED
111 */
112 status_t (*process_sa_payload) (private_ike_sa_init_requested_t *this, sa_payload_t *sa_payload);
113
114 /**
115 * Process KE payload of IKE_SA_INIT response.
116 *
117 * @param this calling object
118 * @param sa_payload KE payload to process
119 * @return
120 * - SUCCESS
121 * - FAILED
122 */
123 status_t (*process_ke_payload) (private_ike_sa_init_requested_t *this, ke_payload_t *ke_payload);
124
125 /**
126 * Build ID payload for IKE_AUTH request.
127 *
128 * @param this calling object
129 * @param[out] id_payload buildet ID payload
130 * @param response created payload will be added to this message_t object
131 * @return
132 * - SUCCESS
133 * - FAILED
134 */
135 status_t (*build_id_payload) (private_ike_sa_init_requested_t *this,id_payload_t **id_payload, message_t *response);
136
137 /**
138 * Build IDr payload for IKE_AUTH request.
139 *
140 * Only built when the ID of the responder contains no wildcards.
141 *
142 * @param this calling object
143 * @param response created payload will be added to this message_t object
144 * @return
145 * - SUCCESS
146 * - FAILED
147 */
148 status_t (*build_idr_payload) (private_ike_sa_init_requested_t *this, message_t *response);
149
150 /**
151 * Build AUTH payload for IKE_AUTH request.
152 *
153 * @param this calling object
154 * @param my_id_payload buildet ID payload
155 * @param response created payload will be added to this message_t object
156 * @return
157 * - SUCCESS
158 * - FAILED
159 */
160 status_t (*build_auth_payload) (private_ike_sa_init_requested_t *this,id_payload_t *my_id_payload, message_t *response);
161
162 /**
163 * Build SA payload for IKE_AUTH request.
164 *
165 * @param this calling object
166 * @param response created payload will be added to this message_t object
167 * @return
168 * - SUCCESS
169 * - FAILED
170 */
171 status_t (*build_sa_payload) (private_ike_sa_init_requested_t *this, message_t *response);
172
173 /**
174 * Build TSi payload for IKE_AUTH request.
175 *
176 * @param this calling object
177 * @param response created payload will be added to this message_t object
178 * @return
179 * - SUCCESS
180 * - FAILED
181 */
182 status_t (*build_tsi_payload) (private_ike_sa_init_requested_t *this, message_t *response);
183
184 /**
185 * Build TSr payload for IKE_AUTH request.
186 *
187 * @param this calling object
188 * @param response created payload will be added to this message_t object
189 * @return
190 * - SUCCESS
191 * - FAILED
192 */
193 status_t (*build_tsr_payload) (private_ike_sa_init_requested_t *this, message_t *response);
194
195 /**
196 * Process a notify payload and react.
197 *
198 * @param this calling object
199 * @param notify_payload notify_payload to handle
200 */
201 status_t (*process_notify_payload) (private_ike_sa_init_requested_t *this, notify_payload_t *notify_payload);
202
203 /**
204 * Destroy function called internally of this class after state change to
205 * state IKE_AUTH_REQUESTED succeeded.
206 *
207 * This destroy function does not destroy objects which were passed to the new state.
208 *
209 * @param this calling object
210 */
211 void (*destroy_after_state_change) (private_ike_sa_init_requested_t *this);
212 };
213
214 /**
215 * Implementation of state_t.process_message.
216 */
217 static status_t process_message(private_ike_sa_init_requested_t *this, message_t *ike_sa_init_reply)
218 {
219 ike_auth_requested_t *next_state;
220 chunk_t ike_sa_init_reply_data;
221 sa_payload_t *sa_payload = NULL;
222 ke_payload_t *ke_payload = NULL;
223 id_payload_t *id_payload = NULL;
224 nonce_payload_t *nonce_payload = NULL;
225 u_int64_t responder_spi;
226 ike_sa_id_t *ike_sa_id;
227 iterator_t *payloads;
228 host_t *me;
229 connection_t *connection;
230 policy_t *policy;
231
232 message_t *request;
233 status_t status;
234
235 /*
236 * In this state a reply message of type IKE_SA_INIT is expected:
237 *
238 * <-- HDR, SAr1, KEr, Nr, [CERTREQ]
239 * or
240 * <-- HDR, N
241 */
242
243 if (ike_sa_init_reply->get_exchange_type(ike_sa_init_reply) != IKE_SA_INIT)
244 {
245 this->logger->log(this->logger, ERROR | LEVEL1, "Message of type %s not supported in state ike_sa_init_requested",
246 mapping_find(exchange_type_m,ike_sa_init_reply->get_exchange_type(ike_sa_init_reply)));
247 return FAILED;
248 }
249
250 if (ike_sa_init_reply->get_request(ike_sa_init_reply))
251 {
252 this->logger->log(this->logger, ERROR | LEVEL1, "IKE_SA_INIT requests not allowed state ike_sa_init_responded");
253 return FAILED;
254 }
255
256 /* parse incoming message */
257 status = ike_sa_init_reply->parse_body(ike_sa_init_reply, NULL, NULL);
258 if (status != SUCCESS)
259 {
260 this->logger->log(this->logger, ERROR | LEVEL1, "IKE_SA_INIT reply parsing faild. Ignoring message");
261 return status;
262 }
263
264 /* because we are original initiator we have to update the responder SPI to the new one */
265 responder_spi = ike_sa_init_reply->get_responder_spi(ike_sa_init_reply);
266 if (responder_spi == 0)
267 {
268 this->logger->log(this->logger, ERROR | LEVEL1, "IKE_SA_INIT reply contained a SPI of zero");
269 return FAILED;
270 }
271 ike_sa_id = this->ike_sa->public.get_id(&(this->ike_sa->public));
272 ike_sa_id->set_responder_spi(ike_sa_id,responder_spi);
273
274 /* Iterate over all payloads.
275 *
276 * The message is allready checked for the right payload types.
277 */
278 payloads = ike_sa_init_reply->get_payload_iterator(ike_sa_init_reply);
279 while (payloads->has_next(payloads))
280 {
281 payload_t *payload;
282 payloads->current(payloads, (void**)&payload);
283
284 switch (payload->get_type(payload))
285 {
286 case SECURITY_ASSOCIATION:
287 {
288 sa_payload = (sa_payload_t*)payload;
289 break;
290 }
291 case KEY_EXCHANGE:
292 {
293 ke_payload = (ke_payload_t*)payload;
294 break;
295 }
296 case NONCE:
297 {
298 nonce_payload = (nonce_payload_t*)payload;
299 break;
300 }
301 case NOTIFY:
302 {
303 notify_payload_t *notify_payload = (notify_payload_t *) payload;
304
305 status = this->process_notify_payload(this, notify_payload);
306 if (status != SUCCESS)
307 {
308 payloads->destroy(payloads);
309 return status;
310 }
311 break;
312 }
313 default:
314 {
315 this->logger->log(this->logger, ERROR|LEVEL1, "Ignoring payload %s (%d)",
316 mapping_find(payload_type_m, payload->get_type(payload)), payload->get_type(payload));
317 break;
318 }
319
320 }
321
322 }
323 payloads->destroy(payloads);
324
325 if (!(nonce_payload && sa_payload && ke_payload))
326 {
327 this->logger->log(this->logger, AUDIT, "IKE_SA_INIT reply did not contain all required payloads. Deleting IKE_SA");
328 return DELETE_ME;
329 }
330
331 status = this->process_nonce_payload (this,nonce_payload);
332 if (status != SUCCESS)
333 {
334 return status;
335 }
336
337 status = this->process_sa_payload (this,sa_payload);
338 if (status != SUCCESS)
339 {
340 return status;
341 }
342
343 status = this->process_ke_payload (this,ke_payload);
344 if (status != SUCCESS)
345 {
346 return status;
347 }
348
349 /* derive all the keys used in the IKE_SA */
350 status = this->ike_sa->build_transforms(this->ike_sa, this->proposal, this->diffie_hellman, this->sent_nonce, this->received_nonce);
351 if (status != SUCCESS)
352 {
353 this->logger->log(this->logger, AUDIT, "Transform objects could not be created from selected proposal. Deleting IKE_SA");
354 return DELETE_ME;
355 }
356
357 /* apply the address on wich we really received the packet */
358 connection = this->ike_sa->get_connection(this->ike_sa);
359 me = ike_sa_init_reply->get_destination(ike_sa_init_reply);
360 connection->update_my_host(connection, me->clone(me));
361 policy = this->ike_sa->get_policy(this->ike_sa);
362 policy->update_my_ts(policy, me);
363
364 /* build empty message */
365 this->ike_sa->build_message(this->ike_sa, IKE_AUTH, TRUE, &request);
366
367 status = this->build_id_payload(this, &id_payload, request);
368 if (status != SUCCESS)
369 {
370 request->destroy(request);
371 return status;
372 }
373 status = this->build_idr_payload(this, request);
374 if (status != SUCCESS)
375 {
376 request->destroy(request);
377 return status;
378 }
379 status = this->build_auth_payload(this, (id_payload_t*)id_payload, request);
380 if (status != SUCCESS)
381 {
382 request->destroy(request);
383 return status;
384 }
385 status = this->build_sa_payload(this, request);
386 if (status != SUCCESS)
387 {
388 request->destroy(request);
389 return status;
390 }
391 status = this->build_tsi_payload(this, request);
392 if (status != SUCCESS)
393 {
394 request->destroy(request);
395 return status;
396 }
397 status = this->build_tsr_payload(this, request);
398 if (status != SUCCESS)
399 {
400 request->destroy(request);
401 return status;
402 }
403
404 /* message can now be sent (must not be destroyed) */
405 status = this->ike_sa->send_request(this->ike_sa, request);
406 if (status != SUCCESS)
407 {
408 this->logger->log(this->logger, AUDIT, "Unable to send IKE_AUTH request. Deleting IKE_SA");
409 request->destroy(request);
410 return DELETE_ME;
411 }
412
413 this->ike_sa->set_last_replied_message_id(this->ike_sa,ike_sa_init_reply->get_message_id(ike_sa_init_reply));
414
415 ike_sa_init_reply_data = ike_sa_init_reply->get_packet_data(ike_sa_init_reply);
416
417 /* state can now be changed */
418 next_state = ike_auth_requested_create(this->ike_sa, this->sent_nonce, this->received_nonce,
419 ike_sa_init_reply_data, this->child_sa);
420 this->ike_sa->set_new_state(this->ike_sa,(state_t *) next_state);
421
422 this->destroy_after_state_change(this);
423 return SUCCESS;
424 }
425
426
427 /**
428 * Implementation of private_ike_sa_init_requested_t.process_nonce_payload.
429 */
430 status_t process_nonce_payload (private_ike_sa_init_requested_t *this, nonce_payload_t *nonce_payload)
431 {
432 free(this->received_nonce.ptr);
433 this->received_nonce = nonce_payload->get_nonce(nonce_payload);
434 return SUCCESS;
435 }
436
437
438 /**
439 * Implementation of private_ike_sa_init_requested_t.process_sa_payload.
440 */
441 status_t process_sa_payload (private_ike_sa_init_requested_t *this, sa_payload_t *sa_payload)
442 {
443 proposal_t *proposal;
444 linked_list_t *proposal_list;
445 connection_t *connection;
446
447 connection = this->ike_sa->get_connection(this->ike_sa);
448
449 /* get the list of selected proposals, the peer has to select only one proposal */
450 proposal_list = sa_payload->get_proposals (sa_payload);
451 if (proposal_list->get_count(proposal_list) != 1)
452 {
453 this->logger->log(this->logger, AUDIT, "IKE_SA_INIT response did not contain a single proposal. Deleting IKE_SA");
454 while (proposal_list->remove_last(proposal_list, (void**)&proposal) == SUCCESS)
455 {
456 proposal->destroy(proposal);
457 }
458 proposal_list->destroy(proposal_list);
459 return DELETE_ME;
460 }
461
462 /* we have to re-check if the others selection is valid */
463 this->proposal = connection->select_proposal(connection, proposal_list);
464 while (proposal_list->remove_last(proposal_list, (void**)&proposal) == SUCCESS)
465 {
466 proposal->destroy(proposal);
467 }
468 proposal_list->destroy(proposal_list);
469
470 if (this->proposal == NULL)
471 {
472 this->logger->log(this->logger, AUDIT, "IKE_SA_INIT response contained selected proposal we did not offer. Deleting IKE_SA");
473 return DELETE_ME;
474 }
475
476 return SUCCESS;
477 }
478
479 /**
480 * Implementation of private_ike_sa_init_requested_t.process_ke_payload.
481 */
482 status_t process_ke_payload (private_ike_sa_init_requested_t *this, ke_payload_t *ke_payload)
483 {
484 this->diffie_hellman->set_other_public_value(this->diffie_hellman, ke_payload->get_key_exchange_data(ke_payload));
485
486 return SUCCESS;
487 }
488
489 /**
490 * Implementation of private_ike_sa_init_requested_t.build_id_payload.
491 */
492 static status_t build_id_payload (private_ike_sa_init_requested_t *this,id_payload_t **id_payload, message_t *request)
493 {
494 policy_t *policy;
495 id_payload_t *new_id_payload;
496 identification_t *identification;
497
498 policy = this->ike_sa->get_policy(this->ike_sa);
499 identification = policy->get_my_id(policy);
500 new_id_payload = id_payload_create_from_identification(TRUE, identification);
501
502 this->logger->log(this->logger, CONTROL|LEVEL2, "Add ID payload to message");
503 request->add_payload(request,(payload_t *) new_id_payload);
504
505 *id_payload = new_id_payload;
506
507 return SUCCESS;
508 }
509
510 /**
511 * Implementation of private_ike_sa_init_requested_t.build_idr_payload.
512 */
513 static status_t build_idr_payload (private_ike_sa_init_requested_t *this, message_t *request)
514 {
515 policy_t *policy;
516 id_payload_t *idr_payload;
517 identification_t *identification;
518
519 policy = this->ike_sa->get_policy(this->ike_sa);
520 identification = policy->get_other_id(policy);
521 if (!identification->contains_wildcards(identification))
522 {
523 idr_payload = id_payload_create_from_identification(FALSE, identification);
524
525 this->logger->log(this->logger, CONTROL|LEVEL2, "Add IDr payload to message");
526 request->add_payload(request,(payload_t *) idr_payload);
527 }
528 return SUCCESS;
529 }
530
531 /**
532 * Implementation of private_ike_sa_init_requested_t.build_auth_payload.
533 */
534 static status_t build_auth_payload (private_ike_sa_init_requested_t *this, id_payload_t *my_id_payload, message_t *request)
535 {
536 authenticator_t *authenticator;
537 auth_payload_t *auth_payload;
538 status_t status;
539
540 authenticator = authenticator_create(this->ike_sa);
541 status = authenticator->compute_auth_data(authenticator,&auth_payload,this->ike_sa_init_request_data,this->received_nonce,my_id_payload,TRUE);
542 authenticator->destroy(authenticator);
543
544 if (status != SUCCESS)
545 {
546 this->logger->log(this->logger, AUDIT, "Could not generate AUTH data for IKE_AUTH request. Deleting IKE_SA");
547 return DELETE_ME;
548 }
549
550 this->logger->log(this->logger, CONTROL|LEVEL2, "Add AUTH payload to message");
551 request->add_payload(request,(payload_t *) auth_payload);
552
553 return SUCCESS;
554 }
555
556 /**
557 * Implementation of private_ike_sa_init_requested_t.build_sa_payload.
558 */
559 static status_t build_sa_payload (private_ike_sa_init_requested_t *this, message_t *request)
560 {
561 linked_list_t *proposal_list;
562 sa_payload_t *sa_payload;
563 policy_t *policy;
564 connection_t *connection;
565
566 /* get proposals form config, add to payload */
567 policy = this->ike_sa->get_policy(this->ike_sa);
568 proposal_list = policy->get_proposals(policy);
569 /* build child sa */
570 connection = this->ike_sa->get_connection(this->ike_sa);
571 this->child_sa = child_sa_create(connection->get_my_host(connection),
572 connection->get_other_host(connection));
573 if (this->child_sa->alloc(this->child_sa, proposal_list) != SUCCESS)
574 {
575 this->logger->log(this->logger, AUDIT, "Could not install CHILD_SA! Deleting IKE_SA");
576 return DELETE_ME;
577 }
578
579 sa_payload = sa_payload_create_from_proposal_list(proposal_list);
580
581 this->logger->log(this->logger, CONTROL|LEVEL2, "Add SA payload to message");
582 request->add_payload(request,(payload_t *) sa_payload);
583
584 return SUCCESS;
585 }
586
587 /**
588 * Implementation of private_ike_sa_init_requested_t.build_tsi_payload.
589 */
590 static status_t build_tsi_payload (private_ike_sa_init_requested_t *this, message_t *request)
591 {
592 linked_list_t *ts_list;
593 ts_payload_t *ts_payload;
594 policy_t *policy;
595
596 policy = this->ike_sa->get_policy(this->ike_sa);
597 ts_list = policy->get_my_traffic_selectors(policy);
598 ts_payload = ts_payload_create_from_traffic_selectors(TRUE, ts_list);
599
600 this->logger->log(this->logger, CONTROL|LEVEL2, "Add TSi payload to message");
601 request->add_payload(request,(payload_t *) ts_payload);
602
603 return SUCCESS;
604 }
605
606 /**
607 * Implementation of private_ike_sa_init_requested_t.build_tsr_payload.
608 */
609 static status_t build_tsr_payload (private_ike_sa_init_requested_t *this, message_t *request)
610 {
611 linked_list_t *ts_list;
612 ts_payload_t *ts_payload;
613 policy_t *policy;
614
615 policy = this->ike_sa->get_policy(this->ike_sa);
616 ts_list = policy->get_other_traffic_selectors(policy);
617 ts_payload = ts_payload_create_from_traffic_selectors(FALSE, ts_list);
618
619 this->logger->log(this->logger, CONTROL|LEVEL2, "Add TSr payload to message");
620 request->add_payload(request,(payload_t *) ts_payload);
621
622 return SUCCESS;
623 }
624
625 /**
626 * Implementation of private_ike_sa_init_requested_t.process_notify_payload.
627 */
628 static status_t process_notify_payload(private_ike_sa_init_requested_t *this, notify_payload_t *notify_payload)
629 {
630 notify_message_type_t notify_message_type = notify_payload->get_notify_message_type(notify_payload);
631
632 this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s",
633 mapping_find(notify_message_type_m, notify_message_type));
634
635 switch (notify_message_type)
636 {
637 case NO_PROPOSAL_CHOSEN:
638 {
639 this->logger->log(this->logger, AUDIT, "IKE_SA_INIT response contained a NO_PROPOSAL_CHOSEN notify. Deleting IKE_SA");
640 return DELETE_ME;
641 }
642 case INVALID_MAJOR_VERSION:
643 {
644 this->logger->log(this->logger, AUDIT, "IKE_SA_INIT response contained a INVALID_MAJOR_VERSION notify. Deleting IKE_SA");
645 return DELETE_ME;
646 }
647 case INVALID_KE_PAYLOAD:
648 {
649 initiator_init_t *initiator_init_state;
650 chunk_t notify_data;
651 diffie_hellman_group_t dh_group, old_dh_group;
652 connection_t *connection;
653
654 connection = this->ike_sa->get_connection(this->ike_sa);
655 old_dh_group = connection->get_dh_group(connection);
656 notify_data = notify_payload->get_notification_data(notify_payload);
657 dh_group = ntohs(*((u_int16_t*)notify_data.ptr));
658
659 /* TODO:
660 * We are very restrictive here: If the other didn't accept
661 * our DH group, and we do not accept his offer, continuation
662 * is cancelled...
663 */
664
665 this->logger->log(this->logger, AUDIT, "Peer didn't accept %s, it requested %s!",
666 mapping_find(diffie_hellman_group_m, old_dh_group),
667 mapping_find(diffie_hellman_group_m, dh_group));
668 /* check if we can accept this dh group */
669 if (!connection->check_dh_group(connection, dh_group))
670 {
671 this->logger->log(this->logger, AUDIT,
672 "Peer does only accept DH group %s, which we do not accept! Aborting",
673 mapping_find(diffie_hellman_group_m, dh_group));
674 return DELETE_ME;
675 }
676
677 /* Going to change state back to initiator_init_t */
678 this->logger->log(this->logger, CONTROL|LEVEL2, "Create next state object");
679 initiator_init_state = initiator_init_create(this->ike_sa);
680
681 /* buffer of sent and received messages has to get reseted */
682 this->ike_sa->reset_message_buffers(this->ike_sa);
683
684 /* state can now be changed */
685 this->ike_sa->set_new_state(this->ike_sa,(state_t *) initiator_init_state);
686
687 /* state has NOW changed :-) */
688 this->logger->log(this->logger, CONTROL|LEVEL2, "Destroy old sate object");
689 this->logger->log(this->logger, CONTROL|LEVEL2, "Going to retry initialization of connection");
690
691 this->public.state_interface.destroy(&(this->public.state_interface));
692 if (initiator_init_state->retry_initiate_connection (initiator_init_state, dh_group) != SUCCESS)
693 {
694 return DELETE_ME;
695 }
696 return FAILED;
697 }
698 default:
699 {
700 /*
701 * - In case of unknown error: IKE_SA gets destroyed.
702 * - In case of unknown status: logging
703 */
704 if (notify_message_type < 16383)
705 {
706 this->logger->log(this->logger, AUDIT, "IKE_SA_INIT reply contained an unknown notify error (%d). Deleting IKE_SA",
707 notify_message_type);
708 return DELETE_ME;
709 }
710 else
711 {
712 this->logger->log(this->logger, CONTROL, "IKE_SA_INIT reply contained an unknown notify (%d), ignored.",
713 notify_message_type);
714 return SUCCESS;
715 }
716 }
717 }
718 }
719
720 /**
721 * Implementation of state_t.get_state.
722 */
723 static ike_sa_state_t get_state(private_ike_sa_init_requested_t *this)
724 {
725 return IKE_SA_INIT_REQUESTED;
726 }
727
728 /**
729 * Implementation of private_ike_sa_init_requested_t.destroy_after_state_change.
730 */
731 static void destroy_after_state_change (private_ike_sa_init_requested_t *this)
732 {
733 this->diffie_hellman->destroy(this->diffie_hellman);
734 chunk_free(&(this->ike_sa_init_request_data));
735 if (this->proposal)
736 {
737 this->proposal->destroy(this->proposal);
738 }
739 free(this);
740 }
741
742 /**
743 * Implementation state_t.destroy.
744 */
745 static void destroy(private_ike_sa_init_requested_t *this)
746 {
747 this->diffie_hellman->destroy(this->diffie_hellman);
748 free(this->sent_nonce.ptr);
749 free(this->received_nonce.ptr);
750 chunk_free(&(this->ike_sa_init_request_data));
751 if (this->child_sa)
752 {
753 this->child_sa->destroy(this->child_sa);
754 }
755 if (this->proposal)
756 {
757 this->proposal->destroy(this->proposal);
758 }
759 free(this);
760 }
761
762 /*
763 * Described in header.
764 */
765 ike_sa_init_requested_t *ike_sa_init_requested_create(protected_ike_sa_t *ike_sa, diffie_hellman_t *diffie_hellman, chunk_t sent_nonce,chunk_t ike_sa_init_request_data)
766 {
767 private_ike_sa_init_requested_t *this = malloc_thing(private_ike_sa_init_requested_t);
768
769 /* interface functions */
770 this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *)) process_message;
771 this->public.state_interface.get_state = (ike_sa_state_t (*) (state_t *)) get_state;
772 this->public.state_interface.destroy = (void (*) (state_t *)) destroy;
773
774 /* private functions */
775 this->destroy_after_state_change = destroy_after_state_change;
776 this->process_nonce_payload = process_nonce_payload;
777 this->process_sa_payload = process_sa_payload;
778 this->process_ke_payload = process_ke_payload;
779 this->build_auth_payload = build_auth_payload;
780 this->build_tsi_payload = build_tsi_payload;
781 this->build_tsr_payload = build_tsr_payload;
782 this->build_id_payload = build_id_payload;
783 this->build_idr_payload = build_idr_payload;
784 this->build_sa_payload = build_sa_payload;
785 this->process_notify_payload = process_notify_payload;
786
787 /* private data */
788 this->ike_sa = ike_sa;
789 this->received_nonce = CHUNK_INITIALIZER;
790 this->logger = logger_manager->get_logger(logger_manager, IKE_SA);
791 this->diffie_hellman = diffie_hellman;
792 this->proposal = NULL;
793 this->sent_nonce = sent_nonce;
794 this->child_sa = NULL;
795 this->ike_sa_init_request_data = ike_sa_init_request_data;
796
797 return &(this->public);
798 }
Michael's strongswan development tree