- state ike_sa_init_responded implemented (has some memleaks)

diff --git a/Source/charon/config/configuration_manager.c b/Source/charon/config/configuration_manager.c
index 73e5aab9a39c7fd70b087b9853ff267f6ebf267a..f3c3cd4cc94706d6bb95d5d149fde6b15fad7952 100644 (file)
--- a/Source/charon/config/configuration_manager.c
+++ b/Source/charon/config/configuration_manager.c
@@ -152,7 +152,7 @@ static void load_default_config (private_configuration_manager_t *this)
        init_config_t *init_config1, *init_config2, *init_config3;
        ike_proposal_t proposals[2];
        child_proposal_t child_proposals[1];
-       sa_config_t *sa_config1, *sa_config2;
+       sa_config_t *sa_config1, *sa_config2, *sa_config3;
        traffic_selector_t *ts;
        
        init_config1 = init_config_create("152.96.193.131","152.96.193.131",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
@@ -195,6 +195,13 @@ static void load_default_config (private_configuration_manager_t *this)
 
        sa_config2->add_traffic_selector_initiator(sa_config2,ts);
        sa_config2->add_traffic_selector_responder(sa_config2,ts);
+
+       sa_config3 = sa_config_create(ID_IPV4_ADDR, "127.0.0.1", 
+                                                                 ID_IPV4_ADDR, "127.0.0.1",
+                                                                 SHARED_KEY_MESSAGE_INTEGRITY_CODE);
+
+       sa_config3->add_traffic_selector_initiator(sa_config3,ts);
+       sa_config3->add_traffic_selector_responder(sa_config3,ts);
        
        ts->destroy(ts);
        
@@ -210,6 +217,7 @@ static void load_default_config (private_configuration_manager_t *this)
        child_proposals[0].esp.encryption_algorithm = ENCR_AES_CBC;
        child_proposals[0].esp.encryption_algorithm_key_size = 16;
        child_proposals[0].esp.integrity_algorithm = AUTH_UNDEFINED;
+       child_proposals[0].esp.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS;
        child_proposals[0].esp.spi[0] = 2;
        child_proposals[0].esp.spi[1] = 2;
        child_proposals[0].esp.spi[2] = 2;
@@ -217,10 +225,11 @@ static void load_default_config (private_configuration_manager_t *this)
        
        sa_config1->add_proposal(sa_config1, &child_proposals[0]);
        sa_config2->add_proposal(sa_config2, &child_proposals[0]);
+       sa_config3->add_proposal(sa_config3, &child_proposals[0]);
 
        this->add_new_configuration(this,"pinflb31",init_config1,sa_config2);
        this->add_new_configuration(this,"pinflb30",init_config2,sa_config1);
-       this->add_new_configuration(this,"localhost",init_config3,sa_config1);
+       this->add_new_configuration(this,"localhost",init_config3,sa_config3);
 
 }
 

diff --git a/Source/charon/config/sa_config.c b/Source/charon/config/sa_config.c
index 2d91f7bbe37a4256e75cb2c3d9309fc4b22ce4b0..623f8be87aa688f447f17f70f95cfab23f8bc880 100644 (file)
--- a/Source/charon/config/sa_config.c
+++ b/Source/charon/config/sa_config.c
@@ -260,31 +260,74 @@ static child_proposal_t *select_proposal(private_sa_config_t *this, u_int8_t ah_
  */
 static bool proposal_equals(private_sa_config_t *this, child_proposal_t *first, child_proposal_t *second)
 {
+       /* 
+        *      Proto ? Mandatory ? Optional
+        *  -----------------------------------
+        *  ESP   ? ENCR      ? INTEG, D-H, ESN
+     *  AH    ? INTEG     ? D-H, ESN
+     */
+       
+       /* equality defaults to false, so return is FALSE if ah and esp not set */
        bool equal = FALSE;
        
+       /* check ah, if set */
        if (first->ah.is_set && second->ah.is_set)
        {
-               if ((first->ah.integrity_algorithm != second->ah.integrity_algorithm) ||
-                       (first->ah.integrity_algorithm_key_size != second->ah.integrity_algorithm_key_size) ||
-                       (first->ah.diffie_hellman_group != second->ah.diffie_hellman_group) ||
-                       (first->ah.extended_sequence_numbers != second->ah.extended_sequence_numbers))
+               /* integrity alg is mandatory, with key size */
+               if ((first->ah.integrity_algorithm == second->ah.integrity_algorithm) &&
+                       (first->ah.integrity_algorithm_key_size == second->ah.integrity_algorithm_key_size))
                {
-                       return FALSE;
+                       /* dh group is optional, but must be NOT_SET when not set */
+                       if      (first->ah.diffie_hellman_group != second->ah.diffie_hellman_group)
+                       {
+                               return FALSE;
+                       }
+                       /* sequence numbers is optional, but must be NOT_SET when not set */
+                       if (first->ah.extended_sequence_numbers != second->ah.extended_sequence_numbers)
+                       {
+                               return FALSE;
+                       }
+                       /* all checked, ah seems ok */
+                       equal = TRUE;   
+               }
+               else
+               {
+                       return FALSE;   
                }
-               equal = TRUE;
        }
+       /* check esp, if set */
        if (first->esp.is_set && second->esp.is_set)
        {
-               if ((first->esp.encryption_algorithm != second->esp.encryption_algorithm) ||
-                       (first->esp.encryption_algorithm_key_size != second->esp.encryption_algorithm_key_size) ||
-                       (first->esp.integrity_algorithm != second->esp.integrity_algorithm) ||
-                       (first->esp.integrity_algorithm_key_size != second->esp.integrity_algorithm_key_size) ||
-                       (first->esp.diffie_hellman_group != second->esp.diffie_hellman_group) ||
-                       (first->esp.extended_sequence_numbers != second->esp.extended_sequence_numbers))
+               /* encryption alg is mandatory, with key size */
+               if ((first->esp.encryption_algorithm == second->esp.encryption_algorithm) &&
+                       (first->esp.encryption_algorithm_key_size == second->esp.encryption_algorithm_key_size))
+               {
+                       /* int alg is optional, check key only when not NOT_SET */
+                       if (first->esp.integrity_algorithm != second->esp.integrity_algorithm)
+                       {
+                               return FALSE;   
+                       }
+                       if ((first->esp.integrity_algorithm != AUTH_UNDEFINED) &&
+                               (first->esp.integrity_algorithm_key_size != second->esp.integrity_algorithm_key_size))
+                       {
+                               return FALSE;   
+                       }
+                       /* dh group is optional, but must be NOT_SET when not set */
+                       if (first->esp.diffie_hellman_group != second->esp.diffie_hellman_group)
+                       {
+                               return FALSE;   
+                       }
+                       if (first->esp.extended_sequence_numbers != second->esp.extended_sequence_numbers)
+                       {
+                               return FALSE;   
+                       }
+                       /* all checked, esp seems ok */
+                       equal = TRUE;
+               }
+               else
                {
-                       return FALSE;
+                       return FALSE;   
                }
-               equal = TRUE;
        }
        return equal;
 }

diff --git a/Source/charon/encoding/message.c b/Source/charon/encoding/message.c
index bf33c50674707ffd9a00f124d27c77aeb4f24d6b..bcc34ca965685d26c47e5fd3d0b1c19e6efb621f 100644 (file)
--- a/Source/charon/encoding/message.c
+++ b/Source/charon/encoding/message.c
@@ -895,7 +895,8 @@ static status_t decrypt_and_verify_payloads (private_message_t *this,crypter_t *
                        status = encryption_payload->decrypt(encryption_payload);
                        if (status != SUCCESS)
                        {
-                               this->logger->log(this->logger, ERROR | MORE, "Encrypted payload could not be decrypted and parsed");
+                               this->logger->log(this->logger, ERROR | MORE, "Encrypted payload could not be decrypted and parsed: %s", 
+                                                               mapping_find(status_m, status));
                                iterator->destroy(iterator);
                                return status;
                        }

diff --git a/Source/charon/encoding/payloads/encryption_payload.c b/Source/charon/encoding/payloads/encryption_payload.c
index 70bdcc9b2b034cf3c564511f9fe2681c9a4043c8..7ea2904049fa8d78be410cf250daa3f79c033007 100644 (file)
--- a/Source/charon/encoding/payloads/encryption_payload.c
+++ b/Source/charon/encoding/payloads/encryption_payload.c
@@ -25,9 +25,11 @@
 
 #include "encryption_payload.h"
 
+#include <daemon.h>
 #include <encoding/payloads/encodings.h>
 #include <utils/allocator.h>
 #include <utils/linked_list.h>
+#include <utils/logger.h>
 #include <encoding/generator.h>
 #include <encoding/parser.h>
 #include <utils/iterator.h>
@@ -93,6 +95,11 @@ struct private_encryption_payload_t {
         */
        linked_list_t *payloads;
        
+       /** 
+        * logger for this payload, uses MESSAGE context
+        */
+       logger_t *logger;
+       
        /**
         * @brief Computes the length of this payload.
         *
@@ -106,6 +113,12 @@ struct private_encryption_payload_t {
         * @param this  calling private_encryption_payload_t object
         */
        void (*generate) (private_encryption_payload_t *this);
+               
+       /**
+        * @brief Parse payloads from a (unencrypted) chunk.
+        * 
+        * @param this  calling private_encryption_payload_t object
+        */
        status_t (*parse) (private_encryption_payload_t *this);
 };
 
@@ -162,24 +175,6 @@ static status_t verify(private_encryption_payload_t *this)
        return SUCCESS;
 }
 
-/**
- * Implementation of payload_t.destroy.
- */
-static void destroy(private_encryption_payload_t *this)
-{
-       /* all proposals are getting destroyed */ 
-       while (this->payloads->get_count(this->payloads) > 0)
-       {
-               payload_t *current_payload;
-               this->payloads->remove_last(this->payloads,(void **)&current_payload);
-               current_payload->destroy(current_payload);
-       }
-       this->payloads->destroy(this->payloads);
-       allocator_free(this->encrypted.ptr);
-       allocator_free(this->decrypted.ptr);
-       allocator_free(this);
-}
-
 /**
  * Implementation of payload_t.get_encoding_rules.
  */
@@ -281,15 +276,19 @@ static status_t encrypt(private_encryption_payload_t *this)
        
        if (this->signer == NULL || this->crypter == NULL)
        {
+               this->logger->log(this->logger, ERROR, "could not encrypt, signer/crypter not set");
                return INVALID_STATE;
        }
        
        /* for random data in iv and padding */
        randomizer = randomizer_create();
 
+
        /* build payload chunk */
        this->generate(this);
        
+       this->logger->log(this->logger, CONTROL|MOST, "encrypting payloads");
+       
        /* build padding */
        block_size = this->crypter->get_block_size(this->crypter);
        padding.len = block_size - ((this->decrypted.len + 1) %  block_size);
@@ -315,6 +314,7 @@ static status_t encrypt(private_encryption_payload_t *this)
        allocator_free(to_crypt.ptr);
        if (status != SUCCESS)
        {
+               this->logger->log(this->logger, ERROR, "encryption failed");
                allocator_free(iv.ptr);
                return status;
        }
@@ -342,8 +342,12 @@ static status_t decrypt(private_encryption_payload_t *this)
        u_int8_t padding_length;
        status_t status;
        
+       
+       this->logger->log(this->logger, CONTROL|MOST, "decrypting encryption payload");
+       
        if (this->signer == NULL || this->crypter == NULL)
        {
+               this->logger->log(this->logger, ERROR, "could not decrypt, no crypter/signer set");
                return INVALID_STATE;
        }
        
@@ -360,6 +364,7 @@ static status_t decrypt(private_encryption_payload_t *this)
         */
        if (concatenated.len < iv.len)
        {
+               this->logger->log(this->logger, ERROR, "could not decrypt, invalid input");
                return FAILED;
        }
        
@@ -369,6 +374,7 @@ static status_t decrypt(private_encryption_payload_t *this)
        status = this->crypter->decrypt(this->crypter, concatenated, iv, &(this->decrypted));
        if (status != SUCCESS)
        {
+               this->logger->log(this->logger, ERROR, "could not decrypt, decryption failed");
                return FAILED;
        }
        
@@ -381,6 +387,7 @@ static status_t decrypt(private_encryption_payload_t *this)
        /* check size again */
        if (padding_length > concatenated.len || this->decrypted.len < 0)
        {
+               this->logger->log(this->logger, ERROR, "decryption failed, invalid padding length found. Invalid key ?");
                /* decryption failed :-/ */
                return FAILED;
        }
@@ -388,6 +395,7 @@ static status_t decrypt(private_encryption_payload_t *this)
        /* free padding */
        this->decrypted.ptr = allocator_realloc(this->decrypted.ptr, this->decrypted.len);
        
+       this->logger->log(this->logger, CONTROL|MOST, "decryption successful, trying to parse content");
        return (this->parse(this));
 }
 
@@ -410,12 +418,14 @@ static status_t build_signature(private_encryption_payload_t *this, chunk_t data
        
        if (this->signer == NULL)
        {
+               this->logger->log(this->logger, ERROR, "unable to build signature, no signer set");
                return INVALID_STATE;
        }
        
        sig.len = this->signer->get_block_size(this->signer);
        data_without_sig.len -= sig.len;
        sig.ptr = data.ptr + data_without_sig.len;
+       this->logger->log(this->logger, CONTROL|MOST, "building signature");
        this->signer->get_signature(this->signer, data_without_sig, sig.ptr);
        return SUCCESS;
 }
@@ -430,12 +440,14 @@ static status_t verify_signature(private_encryption_payload_t *this, chunk_t dat
        
        if (this->signer == NULL)
        {
+               this->logger->log(this->logger, ERROR, "unable to verify signature, no signer set");
                return INVALID_STATE;
        }
        /* find signature in data chunk */
        sig.len = this->signer->get_block_size(this->signer);
        if (data.len <= sig.len)
        {
+               this->logger->log(this->logger, ERROR|MORE, "unable to verify signature, invalid input");
                return FAILED;
        }
        sig.ptr = data.ptr + data.len - sig.len;
@@ -447,9 +459,11 @@ static status_t verify_signature(private_encryption_payload_t *this, chunk_t dat
        
        if (!valid)
        {
+               this->logger->log(this->logger, ERROR|MORE, "signature verification failed");
                return FAILED;
        }
        
+       this->logger->log(this->logger, CONTROL|MOST, "signature verification successful");
        return SUCCESS;
 }
 
@@ -477,6 +491,7 @@ static void generate(private_encryption_payload_t *this)
        else
        {
                /* no paylads? */
+               this->logger->log(this->logger, CONTROL|MOST, "generating contained payloads, but no available");
                allocator_free(this->decrypted.ptr);
                this->decrypted = CHUNK_INITIALIZER;
                iterator->destroy(iterator);
@@ -504,6 +519,7 @@ static void generate(private_encryption_payload_t *this)
        
        generator->write_to_chunk(generator, &(this->decrypted));
        generator->destroy(generator);
+       this->logger->log(this->logger, CONTROL|MOST, "successfully generated content in encrpytion payload");
 }
 
 /**
@@ -518,6 +534,7 @@ static status_t parse(private_encryption_payload_t *this)
        /* check if there is decrypted data */
        if (this->decrypted.ptr == NULL)
        {
+               this->logger->log(this->logger, ERROR, "unable to parse, no input!");
                return INVALID_STATE;
        }
        
@@ -541,6 +558,10 @@ static status_t parse(private_encryption_payload_t *this)
                status = current_payload->verify(current_payload);
                if (status != SUCCESS)
                {
+                       
+                       this->logger->log(this->logger, ERROR, "%s verification failed: %s", 
+                                                               mapping_find(payload_type_m,current_payload->get_type(current_payload)),
+                                                               mapping_find(status_m, status));
                        current_payload->destroy(current_payload);
                        parser->destroy(parser);
                        return VERIFY_ERROR;
@@ -552,6 +573,7 @@ static status_t parse(private_encryption_payload_t *this)
                this->payloads->insert_last(this->payloads,current_payload);
        }
        parser->destroy(parser);
+       this->logger->log(this->logger, CONTROL|MOST, "succesfully parsed content of encryption payload");
        return SUCCESS;
 }
 
@@ -589,6 +611,26 @@ static void compute_length(private_encryption_payload_t *this)
        this->payload_length = length;
 }
 
+
+/**
+ * Implementation of payload_t.destroy.
+ */
+static void destroy(private_encryption_payload_t *this)
+{
+       /* all proposals are getting destroyed */ 
+       while (this->payloads->get_count(this->payloads) > 0)
+       {
+               payload_t *current_payload;
+               this->payloads->remove_last(this->payloads,(void **)&current_payload);
+               current_payload->destroy(current_payload);
+       }
+       this->payloads->destroy(this->payloads);
+       charon->logger_manager->destroy_logger(charon->logger_manager, this->logger);
+       allocator_free(this->encrypted.ptr);
+       allocator_free(this->decrypted.ptr);
+       allocator_free(this);
+}
+
 /*
  * Described in header
  */
@@ -622,6 +664,7 @@ encryption_payload_t *encryption_payload_create()
        this->compute_length = compute_length;
        this->generate = generate;
        this->parse = parse;
+       this->logger = charon->logger_manager->create_logger(charon->logger_manager, ENCRYPTION_PAYLOAD, NULL);
        
        /* set default values of the fields */
        this->critical = TRUE;

diff --git a/Source/charon/encoding/payloads/ts_payload.c b/Source/charon/encoding/payloads/ts_payload.c
index 2ca5bc8cb7287a122c26b67b1499332ff3394bc4..d9e17c680c882afb9796325e63cd76378efc9179 100644 (file)
--- a/Source/charon/encoding/payloads/ts_payload.c
+++ b/Source/charon/encoding/payloads/ts_payload.c
@@ -128,7 +128,7 @@ encoding_rule_t ts_payload_encodings[] = {
 static status_t verify(private_ts_payload_t *this)
 {
        iterator_t *iterator;
-       status_t status;
+       status_t status = FAILED;
        
        if (this->critical)
        {
@@ -142,7 +142,6 @@ static status_t verify(private_ts_payload_t *this)
        }
        
        iterator = this->traffic_selectors->create_iterator(this->traffic_selectors,TRUE);
-       
        while(iterator->has_next(iterator))
        {
                payload_t *current_traffic_selector;
@@ -154,10 +153,8 @@ static status_t verify(private_ts_payload_t *this)
                        break;
                }
        }
-       
        iterator->destroy(iterator);
        
-       
        return status;
 }
 

diff --git a/Source/charon/sa/ike_sa.c b/Source/charon/sa/ike_sa.c
index 9acd8914a95daf77858db2d392220c211b3e7879..36ed8ee9af4de0897e72fa86811f38ce1561ea65 100644 (file)
--- a/Source/charon/sa/ike_sa.c
+++ b/Source/charon/sa/ike_sa.c
@@ -614,6 +614,23 @@ static signer_t *get_signer_initiator (private_ike_sa_t *this)
        return this->signer_initiator;
 }
 
+/**
+ * Implementation of protected_ike_sa_t.get_crypter_responder.
+ */
+static crypter_t *get_crypter_responder(private_ike_sa_t *this)
+{
+       return this->crypter_responder;
+}
+
+/**
+ * Implementation of protected_ike_sa_t.get_signer_responder.
+ */
+static signer_t *get_signer_responder (private_ike_sa_t *this)
+{
+       return this->signer_responder;
+}
+
+
 /**
  * Implementation of protected_ike_sa_t.set_last_requested_message.
  */
@@ -815,6 +832,8 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
        this->protected.set_new_state = (void (*) (protected_ike_sa_t *,state_t *)) set_new_state;
        this->protected.get_crypter_initiator = (crypter_t *(*) (protected_ike_sa_t *)) get_crypter_initiator;
        this->protected.get_signer_initiator = (signer_t *(*) (protected_ike_sa_t *)) get_signer_initiator;     
+       this->protected.get_crypter_responder = (crypter_t *(*) (protected_ike_sa_t *)) get_crypter_responder;
+       this->protected.get_signer_responder = (signer_t *(*) (protected_ike_sa_t *)) get_signer_responder;     
        this->protected.reset_message_buffers = (void (*) (protected_ike_sa_t *)) reset_message_buffers;
 
        /* private functions */

diff --git a/Source/charon/sa/ike_sa.h b/Source/charon/sa/ike_sa.h
index 6fd6f0e8d943ccb0a2d37275a4aa5e27c743767b..806fd6581c2abb31e02dc60d16934ac199891802 100644 (file)
--- a/Source/charon/sa/ike_sa.h
+++ b/Source/charon/sa/ike_sa.h
@@ -282,6 +282,22 @@ struct protected_ike_sa_t {
         * @return                                      pointer to signer_t object
         */
        signer_t *(*get_signer_initiator) (protected_ike_sa_t *this);
+       
+       /**
+        * Gets the internal stored responder crypter_t object.
+        * 
+        * @param this                          calling object
+        * @return                                      pointer to crypter_t object
+        */
+       crypter_t *(*get_crypter_responder) (protected_ike_sa_t *this);
+       
+       /**
+        * Gets the internal stored responder signer object.
+        * 
+        * @param this                          calling object
+        * @return                                      pointer to signer_t object
+        */
+       signer_t *(*get_signer_responder) (protected_ike_sa_t *this);
 
        /**
         * Resets message id counters and does destroy stored received and sent messages.

diff --git a/Source/charon/sa/states/ike_auth_requested.c b/Source/charon/sa/states/ike_auth_requested.c
index 316b0a2c674f551e3746ae66ca00d62765e50a71..eb4ccae6ba6671cd70b8562d9c3a9f0bd3513c43 100644 (file)
--- a/Source/charon/sa/states/ike_auth_requested.c
+++ b/Source/charon/sa/states/ike_auth_requested.c
@@ -22,8 +22,15 @@
  
 #include "ike_auth_requested.h"
 
+#include <daemon.h>
 #include <utils/allocator.h>
-
+#include <encoding/payloads/ts_payload.h>
+#include <encoding/payloads/sa_payload.h>
+#include <encoding/payloads/id_payload.h>
+#include <encoding/payloads/auth_payload.h>
+#include <transforms/signers/signer.h>
+#include <transforms/crypters/crypter.h>
+#include <sa/states/ike_sa_established.h>
 
 typedef struct private_ike_auth_requested_t private_ike_auth_requested_t;
 
@@ -51,16 +58,280 @@ struct private_ike_auth_requested_t {
         * Assigned IKE_SA
         */
         protected_ike_sa_t *ike_sa;
+        
+       /**
+        * SA config, just a copy of the one stored in the ike_sa
+        */
+       sa_config_t *sa_config; 
+        
+       /**
+        * Logger used to log data 
+        * 
+        * Is logger of ike_sa!
+        */
+       logger_t *logger;
+       
+       status_t (*process_idr_payload) (private_ike_auth_requested_t *this, id_payload_t *idr_payload);
+       status_t (*process_sa_payload) (private_ike_auth_requested_t *this, sa_payload_t *sa_payload);
+       status_t (*process_auth_payload) (private_ike_auth_requested_t *this, auth_payload_t *auth_payload);
+       status_t (*process_ts_payload) (private_ike_auth_requested_t *this, bool ts_initiator, ts_payload_t *ts_payload);
+        
 };
 
+
 /**
- * Implements state_t.get_state
+ * Implements state_t.process_message
+ */
+static status_t process_message(private_ike_auth_requested_t *this, message_t *request)
+{
+       status_t status;
+       signer_t *signer;
+       crypter_t *crypter;
+       iterator_t *payloads;
+       exchange_type_t exchange_type;
+       id_payload_t *idr_payload;
+       auth_payload_t *auth_payload;
+       sa_payload_t *sa_payload;
+       ts_payload_t *tsi_payload, *tsr_payload;
+       
+       return SUCCESS;
+
+       exchange_type = request->get_exchange_type(request);
+       if (exchange_type != IKE_AUTH)
+       {
+               this->logger->log(this->logger, ERROR | MORE, "Message of type %s not supported in state ike_auth_requested",
+                                                       mapping_find(exchange_type_m,exchange_type));
+               return FAILED;
+       }
+       
+       if (request->get_request(request))
+       {
+               this->logger->log(this->logger, ERROR | MORE, "Only responses of type IKE_AUTH supported in state ike_auth_requested");
+               return FAILED;
+       }
+       
+       /* get signer for verification and crypter for decryption */
+       signer = this->ike_sa->get_signer_responder(this->ike_sa);
+       crypter = this->ike_sa->get_crypter_responder(this->ike_sa);
+       
+       /* parse incoming message */
+       status = request->parse_body(request, crypter, signer);
+       if (status != SUCCESS)
+       {
+               this->logger->log(this->logger, ERROR | MORE, "Could not parse body of request message");
+               return status;
+       }
+       
+       this->sa_config = this->ike_sa->get_sa_config(this->ike_sa);
+       
+       /* iterate over incoming payloads. Message is verified, we can be sure there are the required payloads */
+       payloads = request->get_payload_iterator(request);
+       while (payloads->has_next(payloads))
+       {
+               payload_t *payload;
+               payloads->current(payloads, (void**)&payload);
+               
+               switch (payload->get_type(payload))
+               {
+                       case AUTHENTICATION:
+                       {
+                               auth_payload = (auth_payload_t*)payload;
+                               break;  
+                       }
+                       case ID_RESPONDER:
+                       {
+                               idr_payload = (id_payload_t*)payload;
+                               break;  
+                       }
+                       case SECURITY_ASSOCIATION:
+                       {
+                               sa_payload = (sa_payload_t*)payload;
+                               break;
+                       }
+                       case CERTIFICATE:
+                       {
+                               /* TODO handle cert payloads */
+                               break;
+                       }
+                       case TRAFFIC_SELECTOR_INITIATOR:
+                       {
+                               tsi_payload = (ts_payload_t*)payload;                           
+                               break;  
+                       }
+                       case TRAFFIC_SELECTOR_RESPONDER:
+                       {
+                               tsr_payload = (ts_payload_t*)payload;
+                               break;  
+                       }
+                       default:
+                       {
+                               /* can't happen, since message is verified, notify's? */
+                               break;
+                       }
+               }
+       }
+       /* iterator can be destroyed */
+       payloads->destroy(payloads);
+       
+       
+       /* add payloads to it */
+       status = this->process_idr_payload(this, idr_payload);
+       if (status != SUCCESS)
+       {
+               this->logger->log(this->logger, ERROR, "Processing idr payload failed");
+               return status;
+       }
+       status = this->process_sa_payload(this, sa_payload);
+       if (status != SUCCESS)
+       {
+               this->logger->log(this->logger, ERROR, "Processing sa payload failed");
+               return status;
+       }
+       status = this->process_auth_payload(this, auth_payload);
+       if (status != SUCCESS)
+       {
+               this->logger->log(this->logger, ERROR, "Processing auth payload failed");
+               return status;
+       }
+       status = this->process_ts_payload(this, TRUE, tsi_payload);
+       if (status != SUCCESS)
+       {
+               this->logger->log(this->logger, ERROR, "Processing tsi payload failed");
+               return status;
+       }
+       status = this->process_ts_payload(this, FALSE, tsr_payload);
+       if (status != SUCCESS)
+       {
+               this->logger->log(this->logger, ERROR, "Processing tsr payload failed");
+               return status;
+       }
+
+       this->logger->log(this->logger, CONTROL | MORE, "IKE_AUTH response successfully handled. IKE_SA established.");
+       
+       /* create new state */
+       this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa));
+
+       return SUCCESS;
+}
+
+/**
+ * Implements private_ike_auth_requested_t.build_idr_payload
  */
-static status_t process_message(private_ike_auth_requested_t *this, message_t *message)
+static status_t process_idr_payload(private_ike_auth_requested_t *this, id_payload_t *idr_payload)
 {
+       identification_t *other_id, *configured_other_id;
+       
+       other_id = idr_payload->get_identification(idr_payload);
+
+       configured_other_id = this->sa_config->get_other_id(this->sa_config);
+       if (configured_other_id)
+       {
+               if (!other_id->equals(other_id, configured_other_id))
+               {
+                       this->logger->log(this->logger, ERROR, "IKE_AUTH reply didn't contain requested id");
+                       return FAILED;  
+               }
+       }
+       
+       /* TODO do we have to store other_id  somewhere ? */    
+       return SUCCESS;
+}
+
+/**
+ * Implements private_ike_auth_requested_t.build_sa_payload
+ */
+static status_t process_sa_payload(private_ike_auth_requested_t *this, sa_payload_t *sa_payload)
+{
+       child_proposal_t *proposals, *proposal_chosen;
+       size_t proposal_count;
+       status_t status;
+       
+       /* dummy spis, until we have a child sa to request them */
+       u_int8_t ah_spi[4] = {0x01, 0x02, 0x03, 0x04};
+       u_int8_t esp_spi[4] = {0x05, 0x06, 0x07, 0x08};
+       
+       /* check selected proposal */
+       status = sa_payload->get_child_proposals(sa_payload, &proposals, &proposal_count);
+       if (status != SUCCESS)
+       {
+               this->logger->log(this->logger, ERROR, "responders sa payload contained no proposals");
+               return FAILED;
+       }
+       if (proposal_count > 1)
+       {
+               allocator_free(proposals);
+               this->logger->log(this->logger, ERROR, "responders sa payload contained more than one proposal");
+               return FAILED;
+       }
+       
+       proposal_chosen = this->sa_config->select_proposal(this->sa_config, ah_spi, esp_spi, proposals, proposal_count);
+       if (proposal_chosen == NULL)
+       {
+               this->logger->log(this->logger, ERROR, "responder selected an not offered proposal");
+               allocator_free(proposals);
+               return FAILED;
+       }
+       else
+       {
+               allocator_free(proposal_chosen);
+       }
+       
+       allocator_free(proposals);
+       
        return SUCCESS;
 }
 
+/**
+ * Implements private_ike_auth_requested_t.build_auth_payload
+ */
+static status_t process_auth_payload(private_ike_auth_requested_t *this, auth_payload_t *auth_payload)
+{
+       /* TODO VERIFY auth here */
+       return SUCCESS; 
+}
+
+/**
+ * Implements private_ike_auth_requested_t.build_ts_payload
+ */
+static status_t process_ts_payload(private_ike_auth_requested_t *this, bool ts_initiator, ts_payload_t *ts_payload)
+{
+       traffic_selector_t **ts_received, **ts_selected;
+       size_t ts_received_count, ts_selected_count;
+       status_t status = SUCCESS;
+       
+       /* get ts form payload */
+       ts_received_count = ts_payload->get_traffic_selectors(ts_payload, &ts_received);
+       /* select ts depending on payload type */
+       if (ts_initiator)
+       {
+               ts_selected_count = this->sa_config->select_traffic_selectors_initiator(this->sa_config, ts_received, ts_received_count, &ts_selected);
+       }
+       else
+       {
+               ts_selected_count = this->sa_config->select_traffic_selectors_responder(this->sa_config, ts_received, ts_received_count, &ts_selected);
+       }
+       /* check if the responder selected valid proposals */
+       if (ts_selected_count != ts_received_count)
+       {
+               this->logger->log(this->logger, ERROR, "responder selected invalid traffic selectors");
+               status = FAILED;        
+       }
+       
+       /* cleanup */
+       while(ts_received_count--) 
+       {
+               traffic_selector_t *ts = *ts_received + ts_received_count;
+               ts->destroy(ts);
+       }
+       allocator_free(ts_received);
+       while(ts_selected_count--) 
+       {
+               traffic_selector_t *ts = *ts_selected + ts_selected_count;
+               ts->destroy(ts);
+       }
+       allocator_free(ts_selected);
+       return status;
+}
 /**
  * Implements state_t.get_state
  */
@@ -91,6 +362,13 @@ ike_auth_requested_t *ike_auth_requested_create(protected_ike_sa_t *ike_sa, chun
        this->public.state_interface.get_state = (ike_sa_state_t (*) (state_t *)) get_state;
        this->public.state_interface.destroy  = (void (*) (state_t *)) destroy;
        
+       /* private functions */
+       
+       this->process_idr_payload = process_idr_payload;
+       this->process_sa_payload = process_sa_payload;
+       this->process_auth_payload = process_auth_payload;
+       this->process_ts_payload = process_ts_payload;
+       
        /* private data */
        this->ike_sa = ike_sa;
        this->sent_nonce = sent_nonce;

diff --git a/Source/charon/sa/states/ike_sa_init_requested.c b/Source/charon/sa/states/ike_sa_init_requested.c
index aa12cd1b190272cf7a024eb78d3b2724ab1344fa..424f7595085a0418696752cca27c059da2a0ad6d 100644 (file)
--- a/Source/charon/sa/states/ike_sa_init_requested.c
+++ b/Source/charon/sa/states/ike_sa_init_requested.c
@@ -534,7 +534,9 @@ static void build_tsi_payload (private_ike_sa_init_requested_t *this, payload_t
        
        sa_config = this->ike_sa->get_sa_config(this->ike_sa);
        traffic_selectors_count = sa_config->get_traffic_selectors_initiator(sa_config,&traffic_selectors);
+       printf("traffic_selectors: %d\n", traffic_selectors_count);
        ts_payload = ts_payload_create_from_traffic_selectors(TRUE,traffic_selectors, traffic_selectors_count);
+       
        allocator_free(traffic_selectors);
 
        *payload = (payload_t *) ts_payload;

diff --git a/Source/charon/sa/states/ike_sa_init_responded.c b/Source/charon/sa/states/ike_sa_init_responded.c
index 70090eb71937cdbdf6327c79b463ae708a31b540..91098796990a48d046441c1c13540428f2b19ebb 100644 (file)
--- a/Source/charon/sa/states/ike_sa_init_responded.c
+++ b/Source/charon/sa/states/ike_sa_init_responded.c
@@ -30,6 +30,7 @@
 #include <encoding/payloads/auth_payload.h>
 #include <transforms/signers/signer.h>
 #include <transforms/crypters/crypter.h>
+#include <sa/states/ike_sa_established.h>
 
 
 typedef struct private_ike_sa_init_responded_t private_ike_sa_init_responded_t;
@@ -45,27 +46,14 @@ struct private_ike_sa_init_responded_t {
        ike_sa_init_responded_t public;
        
        /**
-        * Shared secret from DH-Exchange
-        * 
-        * All needed secrets are derived from this shared secret and then passed to the next
-        * state of type ike_sa_established_t
-        */
-       chunk_t shared_secret;
-       
-       /**
-        * Sent nonce used to calculate secrets
-        */
-       chunk_t received_nonce;
-       
-       /**
-        * Sent nonce used to calculate secrets
+        * Assigned IKE_SA
         */
-       chunk_t sent_nonce;
+       protected_ike_sa_t *ike_sa;
        
        /**
-        * Assigned IKE_SA
+        * sa config to use
         */
-       protected_ike_sa_t *ike_sa;
+       sa_config_t *sa_config;
        
        /**
         * Logger used to log data 
@@ -73,24 +61,31 @@ struct private_ike_sa_init_responded_t {
         * Is logger of ike_sa!
         */
        logger_t *logger;
+       
+       status_t (*build_idr_payload) (private_ike_sa_init_responded_t *this, id_payload_t *request_idi, id_payload_t *request_idr, message_t *response);
+       status_t (*build_sa_payload) (private_ike_sa_init_responded_t *this, sa_payload_t *request, message_t *response);
+       status_t (*build_auth_payload) (private_ike_sa_init_responded_t *this, auth_payload_t *request, message_t *response);
+       status_t (*build_ts_payload) (private_ike_sa_init_responded_t *this, bool ts_initiator, ts_payload_t *request, message_t *response);
 };
 
 /**
  * Implements state_t.get_state
  */
-static status_t process_message(private_ike_sa_init_responded_t *this, message_t *message)
+static status_t process_message(private_ike_sa_init_responded_t *this, message_t *request)
 {
        status_t status;
        signer_t *signer;
        crypter_t *crypter;
        iterator_t *payloads;
        exchange_type_t exchange_type;
-       id_payload_t *idi_payload, *idr_payload;
-       auth_payload_t *auth_payload;
-       sa_payload_t *sa_payload;
-       ts_payload_t *tsi_payload, *tsr_payload;
+       id_payload_t *idi_request, *idr_request = NULL;
+       auth_payload_t *auth_request;
+       sa_payload_t *sa_request;
+       ts_payload_t *tsi_request, *tsr_request;
+       message_t *response;
+       packet_t *response_packet;
 
-       exchange_type = message->get_exchange_type(message);
+       exchange_type = request->get_exchange_type(request);
        if (exchange_type != IKE_AUTH)
        {
                this->logger->log(this->logger, ERROR | MORE, "Message of type %s not supported in state ike_sa_init_responded",
@@ -98,7 +93,7 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t
                return FAILED;
        }
        
-       if (!message->get_request(message))
+       if (!request->get_request(request))
        {
                this->logger->log(this->logger, ERROR | MORE, "Only requests of type IKE_AUTH supported in state ike_sa_init_responded");
                return FAILED;
@@ -110,7 +105,7 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t
        
        /* parse incoming message */
 
-       status = message->parse_body(message, crypter, signer);
+       status = request->parse_body(request, crypter, signer);
        if (status != SUCCESS)
        {
                this->logger->log(this->logger, ERROR | MORE, "Could not parse body of request message");
@@ -118,7 +113,7 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t
        }
        
        /* iterate over incoming payloads. Message is verified, we can be sure there are the required payloads */
-       payloads = message->get_payload_iterator(message);
+       payloads = request->get_payload_iterator(request);
        while (payloads->has_next(payloads))
        {
                payload_t *payload;
@@ -128,22 +123,22 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t
                {
                        case ID_INITIATOR:
                        {
-                               idi_payload = (id_payload_t*)payload;
+                               idi_request = (id_payload_t*)payload;
                                break;  
                        }
                        case AUTHENTICATION:
                        {
-                               auth_payload = (auth_payload_t*)payload;
+                               auth_request = (auth_payload_t*)payload;
                                break;  
                        }
                        case ID_RESPONDER:
                        {
-                               /* TODO handle idr payloads */
+                               idr_request = (id_payload_t*)payload;
                                break;  
                        }
                        case SECURITY_ASSOCIATION:
                        {
-                               sa_payload = (sa_payload_t*)payload;
+                               sa_request = (sa_payload_t*)payload;
                                break;
                        }
                        case CERTIFICATE:
@@ -158,17 +153,17 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t
                        }
                        case TRAFFIC_SELECTOR_INITIATOR:
                        {
-                               tsi_payload = (ts_payload_t*)payload;                           
+                               tsi_request = (ts_payload_t*)payload;                           
                                break;  
                        }
                        case TRAFFIC_SELECTOR_RESPONDER:
                        {
-                               tsr_payload = (ts_payload_t*)payload;
+                               tsr_request = (ts_payload_t*)payload;
                                break;  
                        }
                        default:
                        {
-                               /* can't happen, since message is verified */
+                               /* can't happen, since message is verified, notify's? */
                                break;
                        }
                }
@@ -176,68 +171,225 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t
        /* iterator can be destroyed */
        payloads->destroy(payloads);
        
+       /* build response */
+       this->ike_sa->build_message(this->ike_sa, IKE_AUTH, FALSE, &response);
        
-       /* 
-        * ID Payload 
-        */
-       this->logger->log(this->logger, CONTROL|MOST, "type of IDi is %s", 
-                                               mapping_find(id_type_m, idi_payload->get_id_type(idi_payload)));
-       chunk_t data = idi_payload->get_data(idi_payload);
-       
-       this->logger->log(this->logger, CONTROL|MOST, "data of IDi is %s", 
-                                               data.ptr);
-       
-//     charon->configuration_manager->get_my_default_id(charon->configuration_manager, id
-//
-//     
-//     
-//     
-//     this->logger->log(this->logger, CONTROL|MOST, "type of AUTH is %s", 
-//                                             mapping_find(auth_method_m, auth_payload->get_auth_method(auth_payload)));
-//     
-//     /* get the list of suggested proposals */ 
-//     suggested_proposals = sa_payload->create_proposal_substructure_iterator(sa_payload, TRUE);
-//     
-//     /* now let the configuration-manager select a subset of the proposals */
-//     status = charon->configuration_manager->select_proposals_for_host(charon->configuration_manager,
-//                                             this->ike_sa->get_other_host(this->ike_sa), suggested_proposals, accepted_proposals);
-//                             
-                       
-//     iterator = tsi_payload->create_traffic_selector_substructure_iterator(tsi_payload, TRUE);
-//     while (iterator->has_next(iterator))
-//     {
-//             traffic_selector_substructure_t *ts;
-//             iterator->current(iterator, (void**)ts);
-//             this->logger->log(this->logger, CONTROL|MOST, "type of TSi is %s", 
-//                                                     mapping_find(ts_type_m, ts->get_ts_type(ts)));
-//             
-//     }
-//     iterator->destroy(iterator);
-//     
-//     iterator = tsr_payload->create_traffic_selector_substructure_iterator(tsr_payload, TRUE);
-//     while (iterator->has_next(iterator))
-//     {
-//             traffic_selector_substructure_t *ts;
-//             iterator->current(iterator, (void**)ts);
-//             this->logger->log(this->logger, CONTROL|MOST, "type of TSr is %s", 
-//                                                     mapping_find(ts_type_m, ts->get_ts_type(ts)));
-//             
-//     }
-//     iterator->destroy(iterator);
-       
-       
-       
-       this->logger->log(this->logger, CONTROL | MORE, "Request successfully handled. Going to create reply.");
+       /* add payloads to it */
        
+       status = this->build_idr_payload(this, idi_request, idr_request, response);
+       if (status != SUCCESS)
+       {
+               this->logger->log(this->logger, ERROR, "Building idr payload failed");
+               response->destroy(response);
+               return status;
+       }
+       status = this->build_sa_payload(this, sa_request, response);
+       if (status != SUCCESS)
+       {
+               this->logger->log(this->logger, ERROR, "Building sa payload failed");
+               response->destroy(response);
+               return status;
+       }
+       status = this->build_auth_payload(this, auth_request, response);
+       if (status != SUCCESS)
+       {
+               this->logger->log(this->logger, ERROR, "Building auth payload failed");
+               response->destroy(response);
+               return status;
+       }
+       status = this->build_ts_payload(this, TRUE, tsi_request, response);
+       if (status != SUCCESS)
+       {
+               this->logger->log(this->logger, ERROR, "Building tsi payload failed");
+               response->destroy(response);
+               return status;
+       }
+       status = this->build_ts_payload(this, FALSE, tsr_request, response);
+       if (status != SUCCESS)
+       {
+               this->logger->log(this->logger, ERROR, "Building tsr payload failed");
+               response->destroy(response);
+               return status;
+       }
+       
+       /* generate response, get transfroms first */
+       signer = this->ike_sa->get_signer_responder(this->ike_sa);
+       crypter = this->ike_sa->get_crypter_responder(this->ike_sa);
+       status = response->generate(response, crypter, signer, &response_packet);
+       if (status != SUCCESS)
+       {
+               this->logger->log(this->logger, ERROR, "Error in message generation");
+               response->destroy(response);
+               return status;
+       }
+
+       
+       /* send it out */
+       this->logger->log(this->logger, CONTROL | MORE, "IKE_AUTH request successfully handled. Sending reply.");
+       charon->send_queue->add(charon->send_queue, response_packet);
+       /* store for timeout reply */
+       this->ike_sa->set_last_responded_message(this->ike_sa, response);
+       
+       /* create new state */
+       this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa));
+
        return SUCCESS;
 }
 
-
-static status_t build_id_payload(private_ike_sa_init_responded_t *this, id_payload_t *id_payload)
+/**
+ * Implements private_ike_sa_init_responded_t.build_idr_payload
+ */
+static status_t build_idr_payload(private_ike_sa_init_responded_t *this, id_payload_t *request_idi, id_payload_t *request_idr, message_t *response)
 {
+       identification_t *other_id, *my_id = NULL;
+       init_config_t *init_config;
+       status_t status;
+       id_payload_t *idr_response;
+       
+       other_id = request_idi->get_identification(request_idi);
+       if (request_idr)
+       {
+               my_id = request_idr->get_identification(request_idr);
+       }
+
+       /* build new sa config */
+       init_config = this->ike_sa->get_init_config(this->ike_sa);
+       status = charon->configuration_manager->get_sa_config_for_init_config_and_id(charon->configuration_manager,init_config, other_id,my_id, &(this->sa_config));
+       if (status != SUCCESS)
+       {       
+               this->logger->log(this->logger, ERROR, "Could not find config for %s", other_id->get_string(other_id));
+               return NOT_FOUND;
+       }
+       
+       /* set sa_config in ike_sa for other states */
+       this->ike_sa->set_sa_config(this->ike_sa, this->sa_config);
+       
+       /*  build response */
+       idr_response = id_payload_create_from_identification(FALSE, other_id);
+       response->add_payload(response, (payload_t*)idr_response);
+       
+       if (my_id)
+       {
+               my_id->destroy(my_id);  
+       }
+       other_id->destroy(other_id);
+       
        return SUCCESS;
 }
 
+/**
+ * Implements private_ike_sa_init_responded_t.build_sa_payload
+ */
+static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_payload_t *request, message_t *response)
+{
+       child_proposal_t *proposals, *proposal_chosen;
+       size_t proposal_count;
+       status_t status;
+       sa_payload_t *sa_response;
+       
+       /* dummy spis, until we have a child sa to request them */
+       u_int8_t ah_spi[4] = {0x01, 0x02, 0x03, 0x04};
+       u_int8_t esp_spi[4] = {0x05, 0x06, 0x07, 0x08};
+       
+       status = request->get_child_proposals(request, &proposals, &proposal_count);
+       if (status == SUCCESS)
+       {
+               proposal_chosen = this->sa_config->select_proposal(this->sa_config, ah_spi, esp_spi, proposals, proposal_count);
+               if (proposal_chosen != NULL)
+               {
+                       sa_response = sa_payload_create_from_child_proposals(proposal_chosen, 1);
+                       response->add_payload(response, (payload_t*)sa_response);
+               }
+               else
+               {
+                       this->logger->log(this->logger, ERROR, "no matching proposal found");
+                       status = NOT_FOUND;     
+               }
+       }
+       else
+       {
+               this->logger->log(this->logger, ERROR, "requestor's sa payload contained no proposals");
+               status =  NOT_FOUND;
+       }
+       
+       
+       allocator_free(proposal_chosen);
+       allocator_free(proposals);
+       
+       
+       return status;
+}
+
+/**
+ * Implements private_ike_sa_init_responded_t.build_auth_payload
+ */
+static status_t build_auth_payload(private_ike_sa_init_responded_t *this, auth_payload_t *request, message_t *response)
+{
+       auth_payload_t *dummy;
+       u_int8_t data[] = {0x01,0x03,0x01,0x03,0x01,0x03,0x01,0x03,0x01,0x03,0x01,0x03,0x01,0x03,0x01,0x03};
+       chunk_t auth_data;
+       auth_data.ptr = data;
+       auth_data.len = sizeof(data);
+       
+       /* TODO VERIFY auth here */
+       
+       dummy = auth_payload_create();
+       dummy->set_data(dummy, auth_data);
+       dummy->set_auth_method(dummy, RSA_DIGITAL_SIGNATURE);
+       
+       /* TODO replace dummy */
+       
+       response->add_payload(response, (payload_t *)dummy);
+       return SUCCESS; 
+}
+
+/**
+ * Implements private_ike_sa_init_responded_t.build_ts_payload
+ */
+static status_t build_ts_payload(private_ike_sa_init_responded_t *this, bool ts_initiator, ts_payload_t *request, message_t* response)
+{
+       traffic_selector_t **ts_received, **ts_selected;
+       size_t ts_received_count, ts_selected_count;
+       status_t status = SUCCESS;
+       ts_payload_t *ts_response;
+       
+       /* build a reply payload with selected traffic selectors */
+       ts_received_count = request->get_traffic_selectors(request, &ts_received);
+       /* select ts depending on payload type */
+       if (ts_initiator)
+       {
+               ts_selected_count = this->sa_config->select_traffic_selectors_initiator(this->sa_config, ts_received, ts_received_count, &ts_selected);
+       }
+       else
+       {
+               ts_selected_count = this->sa_config->select_traffic_selectors_responder(this->sa_config, ts_received, ts_received_count, &ts_selected);
+       }
+       if(ts_selected_count == 0)
+       {
+               status = NOT_FOUND;     
+       }
+       else
+       {
+               ts_response = ts_payload_create_from_traffic_selectors(FALSE, ts_selected, ts_selected_count);
+               response->add_payload(response, (payload_t*)ts_response);
+       }
+       
+       /* cleanup */
+       while(ts_received_count--) 
+       {
+               traffic_selector_t *ts = *ts_received + ts_received_count;
+               ts->destroy(ts);
+       }
+       allocator_free(ts_received);
+       while(ts_selected_count--) 
+       {
+               traffic_selector_t *ts = *ts_selected + ts_selected_count;
+               ts->destroy(ts);
+       }
+       allocator_free(ts_selected);
+       return status;
+}
+
 /**
  * Implements state_t.get_state
  */
@@ -253,14 +405,7 @@ static void destroy(private_ike_sa_init_responded_t *this)
 {
        this->logger->log(this->logger, CONTROL | MORE, "Going to destroy ike_sa_init_responded_t state object");
        
-       this->logger->log(this->logger, CONTROL | MOST, "Destroy shared_secret");
-       allocator_free(this->shared_secret.ptr);
-
-       this->logger->log(this->logger, CONTROL | MOST, "Destroy sent nonce");
-       allocator_free(this->sent_nonce.ptr);
-
-       this->logger->log(this->logger, CONTROL | MOST, "Destroy received nonce");
-       allocator_free(this->received_nonce.ptr);
+       charon->logger_manager->destroy_logger(charon->logger_manager, this->logger);
        
        allocator_free(this);
 }
@@ -268,8 +413,7 @@ static void destroy(private_ike_sa_init_responded_t *this)
 /* 
  * Described in header.
  */
- 
-ike_sa_init_responded_t *ike_sa_init_responded_create(protected_ike_sa_t *ike_sa, chunk_t shared_secret, chunk_t received_nonce, chunk_t sent_nonce)
+ike_sa_init_responded_t *ike_sa_init_responded_create(protected_ike_sa_t *ike_sa)
 {
        private_ike_sa_init_responded_t *this = allocator_alloc_thing(private_ike_sa_init_responded_t);
 
@@ -278,12 +422,15 @@ ike_sa_init_responded_t *ike_sa_init_responded_create(protected_ike_sa_t *ike_sa
        this->public.state_interface.get_state = (ike_sa_state_t (*) (state_t *)) get_state;
        this->public.state_interface.destroy  = (void (*) (state_t *)) destroy;
        
+       /* private functions */
+       this->build_idr_payload = build_idr_payload;
+       this->build_sa_payload = build_sa_payload;
+       this->build_auth_payload = build_auth_payload;
+       this->build_ts_payload = build_ts_payload;
+       
        /* private data */
        this->ike_sa = ike_sa;
        this->logger = this->ike_sa->get_logger(this->ike_sa);
-       this->shared_secret = shared_secret;
-       this->received_nonce = received_nonce;
-       this->sent_nonce = sent_nonce;
        
        return &(this->public);
 }

diff --git a/Source/charon/sa/states/ike_sa_init_responded.h b/Source/charon/sa/states/ike_sa_init_responded.h
index aa07f76b9221f01281c6997b990601ba5c94750e..e65c4e5e5ad9d92327b36c434d55a94084dcf00f 100644 (file)
--- a/Source/charon/sa/states/ike_sa_init_responded.h
+++ b/Source/charon/sa/states/ike_sa_init_responded.h
@@ -50,6 +50,6 @@ struct ike_sa_init_responded_t {
  * 
  * @ingroup states
  */
-ike_sa_init_responded_t *ike_sa_init_responded_create(protected_ike_sa_t *ike_sa, chunk_t shared_secret, chunk_t received_nonce, chunk_t sent_nonce);
+ike_sa_init_responded_t *ike_sa_init_responded_create(protected_ike_sa_t *ike_sa);
 
 #endif /*IKE_SA_INIT_RESPONDED_H_*/

diff --git a/Source/charon/sa/states/responder_init.c b/Source/charon/sa/states/responder_init.c
index ee9584e2c8814696ed974feeabebe789b2e05b4b..3c03adf4139069df99fc5e3392b584e07f5718ca 100644 (file)
--- a/Source/charon/sa/states/responder_init.c
+++ b/Source/charon/sa/states/responder_init.c
@@ -361,7 +361,7 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
        /* state can now be changed */
        this->logger->log(this->logger, CONTROL|MOST, "Create next state object");
 
-       next_state = ike_sa_init_responded_create(this->ike_sa, shared_secret, this->received_nonce, this->sent_nonce);
+       next_state = ike_sa_init_responded_create(this->ike_sa);
        
        /* last message can now be set */
        status = this->ike_sa->set_last_responded_message(this->ike_sa, response);

diff --git a/Source/charon/utils/logger_manager.c b/Source/charon/utils/logger_manager.c
index d030d5cbef3e88319c971a39f3f275bb6926274a..8c19e9dae273e3229e1ddee35b618b45adb75a2d 100644 (file)
--- a/Source/charon/utils/logger_manager.c
+++ b/Source/charon/utils/logger_manager.c
@@ -42,6 +42,7 @@ mapping_t logger_context_t_mappings[] = {
        {TESTER, "TESTER"},
        {DAEMON, "DAEMON"},
        {CONFIGURATION_MANAGER, "CONFIG"},
+       {ENCRYPTION_PAYLOAD, "ENCPLD"},
 };
 
 /** 
@@ -148,6 +149,7 @@ static logger_t *create_logger(private_logger_manager_t *this, logger_context_t
                        logger_level |= FULL;
                case IKE_SA_MANAGER:
                case MESSAGE:
+               case ENCRYPTION_PAYLOAD:
                case WORKER:
                        logger_level |= ALL;
                case PARSER:

diff --git a/Source/charon/utils/logger_manager.h b/Source/charon/utils/logger_manager.h
index c663bd7de274485a50cbd5dec94c19953ba37882..80a9291fc8a0b53697184c82c319ed12dc096af3 100644 (file)
--- a/Source/charon/utils/logger_manager.h
+++ b/Source/charon/utils/logger_manager.h
@@ -49,6 +49,7 @@ enum logger_context_t {
        TESTER,
        DAEMON,
        CONFIGURATION_MANAGER,
+       ENCRYPTION_PAYLOAD,
 };
 
 typedef struct logger_manager_t logger_manager_t;