author | Jan Hutter <jhutter@hsr.ch> | 2005-11-25 13:42:02 +0000 |
---|---|---|
committer | Jan Hutter <jhutter@hsr.ch> | 2005-11-25 13:42:02 +0000 |
commit | aad398a70ce0249440bf5f6e564be39b05f01801 (patch) | |
tree | 57ae98762b7bec05838fdb1e783185fd4bed0bcd | |
parent | 40ced1dfc30812a94c7954411806b290c0f7a335 (diff) | |
- changed interface of ike_sa
- states can access ike_sa fields now just with functions
-rw-r--r-- | Source/charon/sa/ike_sa.c | 359 | ||||
-rw-r--r-- | Source/charon/sa/ike_sa.h | 178 | ||||
-rw-r--r-- | Source/charon/sa/states/ike_auth_requested.c | 5 | ||||
-rw-r--r-- | Source/charon/sa/states/ike_sa_established.c | 5 | ||||
-rw-r--r-- | Source/charon/sa/states/ike_sa_init_requested.c | 38 | ||||
-rw-r--r-- | Source/charon/sa/states/ike_sa_init_responded.c | 7 | ||||
-rw-r--r-- | Source/charon/sa/states/initiator_init.c | 47 | ||||
-rw-r--r-- | Source/charon/sa/states/initiator_init.h | 3 | ||||
-rw-r--r-- | Source/charon/sa/states/responder_init.c | 74 | ||||
-rw-r--r-- | Source/charon/sa/states/state.h | 4 |
10 files changed, 500 insertions, 220 deletions
diff --git a/Source/charon/sa/ike_sa.c b/Source/charon/sa/ike_sa.c
index 7e7a4f730..9eb15e7be 100644
--- a/Source/charon/sa/ike_sa.c
+++ b/Source/charon/sa/ike_sa.c
@@ -44,16 +44,175 @@ +typedef struct private_ike_sa_t private_ike_sa_t; + +/** + * Private data of an ike_sa_t object. + */ +struct private_ike_sa_t { + + /** + * Protected part of a ike_sa_t object. + */ + protected_ike_sa_t protected; + + + /** + * Creates a job to delete the given IKE_SA. + * + * @param this calling object + */ + status_t (*create_delete_job) (private_ike_sa_t *this); + + /** + * Resends the last sent reply. + * + * @param this calling object + */ + status_t (*resend_last_reply) (private_ike_sa_t *this); + + /* private values */ + + /** + * Identifier for the current IKE_SA + */ + ike_sa_id_t *ike_sa_id; + + /** + * Linked List containing the child sa's of the current IKE_SA + */ + linked_list_t *child_sas; + + /** + * Current state of the IKE_SA + */ + state_t *current_state; + + /** + * this SA's source for random data + */ + randomizer_t *randomizer; + + /** + * contains the last responded message + * + */ + message_t *last_responded_message; + + /** + * contains the last requested message + * + */ + message_t *last_requested_message; + + /** + * Informations of this host + */ + struct { + host_t *host; + } me; + + /** + * Informations of the other host + */ + struct { + host_t *host; + } other; + + /** + * Crypter object for initiator + */ + crypter_t *crypter_initiator; + + /** + * Crypter object for responder + */ + crypter_t *crypter_responder; + + /** + * Signer object for initiator + */ + signer_t *signer_initiator; + + /** + * Signer object for responder + */ + signer_t *signer_responder; + + /** + * prf function + */ + prf_t *prf; + + + + /** + * Shared secrets + */ + struct { + /** + * Key used for deriving other keys + */ + chunk_t d_key; + + /** + * Key for authenticate (initiator) + */ + chunk_t ai_key; + + /** + * Key for authenticate (responder) + */ + chunk_t ar_key; + + /** + * Key for encryption (initiator) + */ + chunk_t ei_key; + + /** + * Key for encryption (responder) + */ + chunk_t er_key; + + /** + * Key for generating 
auth payload (initiator) + */ + chunk_t pi_key; + + /** + * Key for generating auth payload (responder) + */ + chunk_t pr_key; + + } secrets; + + /** + * next message id to receive + */ + u_int32_t message_id_in; + + /** + * next message id to send + */ + u_int32_t message_id_out; + + /** + * a logger for this IKE_SA + */ + logger_t *logger; +}; + + /** * @brief implements function process_message of protected_ike_sa_t */ -static status_t process_message (protected_ike_sa_t *this, message_t *message) +static status_t process_message (private_ike_sa_t *this, message_t *message) { u_int32_t message_id; exchange_type_t exchange_type; bool is_request; status_t status; - state_t *new_state; /* we must process each request or response from remote host */ @@ -96,19 +255,16 @@ static status_t process_message (protected_ike_sa_t *this, message_t *message) } /* now the message is processed by the current state object */ - status = this->current_state->process_message(this->current_state,message,&new_state); + /* the current state does change the current change to the next one*/ + status = this->current_state->process_message(this->current_state,message); - if (status == SUCCESS) - { - this->current_state = new_state; - } return status; } /** * @brief Implements function build_message of protected_ike_sa_t. */ -static status_t build_message(protected_ike_sa_t *this, exchange_type_t type, bool request, message_t **message) +static status_t build_message(private_ike_sa_t *this, exchange_type_t type, bool request, message_t **message) { status_t status; message_t *new_message; 
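Review bot: The new `private_ike_sa_t` definition should state that `protected` has to remain its first member. Further down in this file ike_sa_create() stores functions that take `private_ike_sa_t *` behind pointers typed for `protected_ike_sa_t *` and `ike_sa_t *`, and hands out `&(this->protected)` and `&(this->protected.public)`, so every call reinterprets that address as the private object. Moving the member would make the accessors read and write at wrong offsets, including the key material in `secrets`, without any compiler diagnostic. A comment such as `/* must remain the first member: this address is cast back to private_ike_sa_t */` above `protected_ike_sa_t protected;` records the invariant; the same presumably applies to `public` inside `protected_ike_sa_t`, which is declared in ike_sa.h.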
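Review bot: The comment added in process_message, `/* the current state does change the current change to the next one*/`, does not tell a reader what can be relied on after the call. The state object now replaces `this->current_state` itself, so the comment should say that, for example `/* the state object installs its successor through set_new_state(); current_state may differ after this call */`. The returned status no longer decides whether a transition happened, so a state that switches and then returns an error leaves the IKE_SA in the new state; that is worth one sentence in the documentation of the state's process_message as well. process_message begins above this hunk.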
@@ -162,12 +318,11 @@ static status_t build_message(protected_ike_sa_t *this, exchange_type_t type, bo /** * @brief implements function process_configuration of protected_ike_sa_t */ -static status_t initialize_connection(protected_ike_sa_t *this, char *name) +static status_t initialize_connection(private_ike_sa_t *this, char *name) { /* work is done in state object of type INITIATOR_INIT */ initiator_init_t *current_state; status_t status; - state_t *new_state; if (this->current_state->get_state(this->current_state) != INITIATOR_INIT) { @@ -176,13 +331,9 @@ static status_t initialize_connection(protected_ike_sa_t *this, char *name) current_state = (initiator_init_t *) this->current_state; - status = current_state->initiate_connection(current_state,name,&new_state); + status = current_state->initiate_connection(current_state,name); - if (status == SUCCESS) - { - this->current_state = new_state; - } - else + if (status != SUCCESS) { this->create_delete_job(this); } @@ -192,12 +343,12 @@ static status_t initialize_connection(protected_ike_sa_t *this, char *name) /** * @brief implements function protected_ike_sa_t.get_id */ -static ike_sa_id_t* get_id(protected_ike_sa_t *this) +static ike_sa_id_t* get_id(private_ike_sa_t *this) { return this->ike_sa_id; } -static status_t compute_secrets (protected_ike_sa_t *this,chunk_t dh_shared_secret,chunk_t initiator_nonce, chunk_t responder_nonce) +static status_t compute_secrets (private_ike_sa_t *this,chunk_t dh_shared_secret,chunk_t initiator_nonce, chunk_t responder_nonce) { chunk_t concatenated_nonces; chunk_t skeyseed; @@ -294,7 +445,7 @@ static status_t compute_secrets (protected_ike_sa_t *this,chunk_t dh_shared_secr /** * @brief implements function resend_last_reply of protected_ike_sa_t */ -status_t resend_last_reply (protected_ike_sa_t *this) +status_t resend_last_reply (private_ike_sa_t *this) { packet_t *packet; status_t status; 
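Review bot: `resend_last_reply` and, in the following hunk, `create_delete_job` are still defined without `static` although their parameter is now the file-private `private_ike_sa_t`. In the lines shown both are reached through the function pointers of the private struct, so external linkage only exports two very generic symbol names from ike_sa.c; `static status_t resend_last_reply (private_ike_sa_t *this)` and `static status_t create_delete_job (private_ike_sa_t *this)` would match the other implementations in this file. Whether another translation unit calls them by name needs checking first; no such caller is visible in this diff. Both function bodies continue outside their hunks.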
@@ -316,7 +467,7 @@ status_t resend_last_reply (protected_ike_sa_t *this) return SUCCESS; } -status_t create_delete_job (protected_ike_sa_t *this) +status_t create_delete_job (private_ike_sa_t *this) { job_t *delete_job; status_t status; 
@@ -341,9 +492,140 @@ status_t create_delete_job (protected_ike_sa_t *this) } /** + * Implementation of protected_ike_sa_t.set_new_state. + */ +static void set_new_state (private_ike_sa_t *this, state_t *state) +{ + this->current_state = state; +} + +/** + * Implementation of protected_ike_sa_t.get_logger. + */ +static logger_t *get_logger (private_ike_sa_t *this) +{ + return this->logger; +} + +/** + * Implementation of protected_ike_sa_t.get_my_host. + */ +static host_t *get_my_host (private_ike_sa_t *this) +{ + return this->me.host; +} + +/** + * Implementation of protected_ike_sa_t.get_other_host. + */ +static host_t *get_other_host (private_ike_sa_t *this) +{ + return this->other.host; +} + +/** + * Implementation of protected_ike_sa_t.set_my_host. + */ +static void set_my_host (private_ike_sa_t *this, host_t *my_host) +{ + if (this->me.host != NULL) + { + this->me.host->destroy(this->me.host); + } + this->me.host = my_host; +} + +/** + * Implementation of protected_ike_sa_t.set_other_host. + */ +static void set_other_host (private_ike_sa_t *this, host_t *other_host) +{ + if (this->other.host != NULL) + { + this->other.host->destroy(this->other.host); + } + this->other.host = other_host; +} + +/** + * Implementation of protected_ike_sa_t.set_prf. + */ +static void set_prf (private_ike_sa_t *this,prf_t *prf) +{ + if (this->prf != NULL) + { + this->prf->destroy(this->prf); + } + this->prf = prf; +} + +/** + * Implementation of protected_ike_sa_t.get_randomizer. + */ +static randomizer_t *get_randomizer (private_ike_sa_t *this) +{ + return this->randomizer; +} + +/** + * Implementation of protected_ike_sa_t.set_last_requested_message. 
+ */ +static status_t set_last_requested_message (private_ike_sa_t *this,message_t * message) +{ + if ( this->last_requested_message != NULL) + { + /* destroy message */ + this ->logger->log(this->logger, CONTROL|MOST, "Destroy stored last requested message"); + this->last_requested_message->destroy(this->last_requested_message); + } + + if (message->get_message_id(message) != this->message_id_out) + { + this ->logger->log(this->logger, CONTROL|MOST, "last requested message could not be set cause id was not as expected"); + return FAILED; + } + this ->logger->log(this->logger, CONTROL|MOST, "replace last requested message with new one"); + this->last_requested_message = message; + + /* message counter can now be increased */ + this ->logger->log(this->logger, CONTROL|MOST, "Increate message counter for outgoing messages"); + this->message_id_out++; + return SUCCESS; +} + + +/** + * Implementation of protected_ike_sa_t.set_last_responded_message. + */ +static status_t set_last_responded_message (private_ike_sa_t *this,message_t * message) +{ + if ( this->last_responded_message != NULL) + { + /* destroy message */ + this ->logger->log(this->logger, CONTROL|MOST, "Destroy stored last responded message"); + this->last_responded_message->destroy(this->last_responded_message); + } + if (message->get_message_id(message) != this->message_id_in) + { + this ->logger->log(this->logger, CONTROL|MOST, "last responded message could not be set cause id was not as expected"); + return FAILED; + + } + this ->logger->log(this->logger, CONTROL|MOST, "replace last responded message with new one"); + this->last_responded_message = message; + + /* message counter can now be increased */ + this ->logger->log(this->logger, CONTROL|MOST, "Increate message counter for incoming messages"); + this->message_id_in++; + + return SUCCESS; +} + + +/** * @brief implements function destroy of protected_ike_sa_t */ -static status_t destroy (protected_ike_sa_t *this) +static status_t destroy 
(private_ike_sa_t *this) { this->logger->log(this->logger, CONTROL | MORE, "Going to destroy IKE_SA"); 
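Review bot: set_last_requested_message and set_last_responded_message destroy the stored message before they compare the message id, and on the `return FAILED` path the field still points at the destroyed object. A later access to `last_requested_message` or `last_responded_message` (presumably the resend of the last reply, or destroy() if it releases these fields) would then use freed memory or free it a second time. The id check should come first: move `if (message->get_message_id(message) != this->message_id_out)` and the `message_id_in` counterpart above the destroy block, so that a rejected message leaves the previous one intact. If destroying first is intended, add `this->last_requested_message = NULL;` and `this->last_responded_message = NULL;` directly after the respective destroy call.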
@@ -470,23 +752,36 @@ static status_t destroy (protected_ike_sa_t *this) */ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) { - protected_ike_sa_t *this = allocator_alloc_thing(protected_ike_sa_t); + private_ike_sa_t *this = allocator_alloc_thing(private_ike_sa_t); if (this == NULL) { return NULL; } /* Public functions */ - this->public.process_message = (status_t(*)(ike_sa_t*, message_t*)) process_message; - this->public.initialize_connection = (status_t(*)(ike_sa_t*, char*)) initialize_connection; - this->public.get_id = (ike_sa_id_t*(*)(ike_sa_t*)) get_id; - this->public.destroy = (status_t(*)(ike_sa_t*))destroy; - + this->protected.public.process_message = (status_t(*)(ike_sa_t*, message_t*)) process_message; + this->protected.public.initialize_connection = (status_t(*)(ike_sa_t*, char*)) initialize_connection; + this->protected.public.get_id = (ike_sa_id_t*(*)(ike_sa_t*)) get_id; + this->protected.public.destroy = (status_t(*)(ike_sa_t*))destroy; + + /* protected functions */ + this->protected.build_message = (status_t (*) (protected_ike_sa_t *, exchange_type_t , bool , message_t **)) build_message; + this->protected.compute_secrets = (status_t (*) (protected_ike_sa_t *,chunk_t ,chunk_t , chunk_t )) compute_secrets; + this->protected.get_logger = (logger_t *(*) (protected_ike_sa_t *)) get_logger; + this->protected.get_my_host = (host_t *(*) (protected_ike_sa_t *)) get_my_host; + this->protected.get_other_host = (host_t *(*) (protected_ike_sa_t *)) get_other_host; + this->protected.set_my_host = (void(*) (protected_ike_sa_t *,host_t *)) set_my_host; + this->protected.set_other_host = (void(*) (protected_ike_sa_t *, host_t *)) set_other_host; + this->protected.get_randomizer = (randomizer_t *(*) (protected_ike_sa_t *)) get_randomizer; + this->protected.set_last_requested_message = (status_t (*) (protected_ike_sa_t *,message_t *)) set_last_requested_message; + this->protected.set_last_responded_message = (status_t (*) (protected_ike_sa_t *,message_t *)) 
set_last_responded_message; + this->protected.set_prf = (void (*) (protected_ike_sa_t *,prf_t *)) set_prf; + this->protected.set_new_state = (void (*) (protected_ike_sa_t *,state_t *)) set_new_state; + /* private functions */ - this->build_message = build_message; this->resend_last_reply = resend_last_reply; this->create_delete_job = create_delete_job; - this->compute_secrets = compute_secrets; + /* initialize private fields */ this->logger = global_logger_manager->create_logger(global_logger_manager, IKE_SA, NULL); @@ -553,11 +848,11 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) /* at creation time, IKE_SA is in a initiator state */ if (ike_sa_id->is_initiator(ike_sa_id)) { - this->current_state = (state_t *) initiator_init_create(this); + this->current_state = (state_t *) initiator_init_create(&(this->protected)); } else { - this->current_state = (state_t *) responder_init_create(this); + this->current_state = (state_t *) responder_init_create(&(this->protected)); } if (this->current_state == NULL) @@ -571,5 +866,5 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) } - return &(this->public); + return &(this->protected.public); } diff --git a/Source/charon/sa/ike_sa.h b/Source/charon/sa/ike_sa.h index 8a1ed0000..aa6c0d50f 100644 --- a/Source/charon/sa/ike_sa.h +++ b/Source/charon/sa/ike_sa.h 
@@ -124,148 +124,106 @@ struct protected_ike_sa_t { * @return TODO */ status_t (*compute_secrets) (protected_ike_sa_t *this,chunk_t dh_shared_secret,chunk_t initiator_nonce, chunk_t responder_nonce); - - /** - * Creates a job to delete the given IKE_SA - */ - status_t (*create_delete_job) (protected_ike_sa_t *this); - - /** - * Resends the last sent reply - */ - status_t (*resend_last_reply) (protected_ike_sa_t *this); - - - /* protected values */ - - /** - * Identifier for the current IKE_SA - */ - ike_sa_id_t *ike_sa_id; - - /** - * Linked List containing the child sa's of the current IKE_SA - */ - linked_list_t *child_sas; - - /** - * Current state of the IKE_SA - */ - state_t *current_state; /** - * this SA's source for random data + * Gets the internal stored logger_t object for given ike_sa_t object. + * + * @param this calling object + * @return pointer to the internal stored logger_t object */ - randomizer_t *randomizer; + logger_t *(*get_logger) (protected_ike_sa_t *this); + /** - * contains the last responded message + * Gets the internal stored host_t object for my host. * + * @param this calling object + * @return pointer to the internal stored host_t object */ - message_t *last_responded_message; + host_t *(*get_my_host) (protected_ike_sa_t *this); /** - * contains the last requested message + * Gets the internal stored host_t object for other host. * + * @param this calling object + * @return pointer to the internal stored host_t object */ - message_t *last_requested_message; + host_t *(*get_other_host) (protected_ike_sa_t *this); /** - * Informations of this host + * Sets the internal stored host_t object for my host. + * + * Allready existing object gets destroyed. object gets not cloned! 
+ * + * @param this calling object + * @param my_host pointer to the new host_t object */ - struct { - host_t *host; - } me; + void (*set_my_host) (protected_ike_sa_t *this,host_t * my_host); /** - * Informations of the other host - */ - struct { - host_t *host; - } other; - - /** - * Crypter object for initiator - */ - crypter_t *crypter_initiator; - - /** - * Crypter object for responder - */ - crypter_t *crypter_responder; - - /** - * Signer object for initiator - */ - signer_t *signer_initiator; - - /** - * Signer object for responder + * Sets the internal stored host_t object for other host. + * + * Allready existing object gets destroyed. object gets not cloned! + * + * @param this calling object + * @param other_host pointer to the new host_t object */ - signer_t *signer_responder; + void (*set_other_host) (protected_ike_sa_t *this,host_t *other_host); /** - * prf function + * Sets the internal stored prf_t object. + * + * Allready existing object gets destroyed. object gets not cloned! + * + * @param this calling object + * @param prf pointer to the new prf_t object */ - prf_t *prf; - - + void (*set_prf) (protected_ike_sa_t *this,prf_t *prf); /** - * Shared secrets + * Sets the last requested message. + * + * Allready set last requested message gets destroyed. object gets not cloned! 
+ * + * @param this calling object + * @param message pointer to the new last requested message + * @return + * - SUCCESS + * - FAILED if message id is not next expected one */ - struct { - /** - * Key used for deriving other keys - */ - chunk_t d_key; - - /** - * Key for authenticate (initiator) - */ - chunk_t ai_key; - - /** - * Key for authenticate (responder) - */ - chunk_t ar_key; - - /** - * Key for encryption (initiator) - */ - chunk_t ei_key; - - /** - * Key for encryption (responder) - */ - chunk_t er_key; - - /** - * Key for generating auth payload (initiator) - */ - chunk_t pi_key; - - /** - * Key for generating auth payload (responder) - */ - chunk_t pr_key; - - } secrets; + status_t (*set_last_requested_message) (protected_ike_sa_t *this,message_t * message); /** - * next message id to receive + * Sets the last responded message. + * + * Allready set last requested message gets destroyed. object gets not cloned! + * + * @param this calling object + * @param message pointer to the new last responded message + * return + * - SUCCESS + * - FAILED if message id is not next expected one */ - u_int32_t message_id_in; + status_t (*set_last_responded_message) (protected_ike_sa_t *this,message_t * message); /** - * next message id to send + * Gets the internal stored randomizer_t object. + * + * @param this calling object + * @return pointer to the internal randomizer_t object */ - u_int32_t message_id_out; + randomizer_t *(*get_randomizer) (protected_ike_sa_t *this); /** - * a logger for this IKE_SA + * Sets the new state_t object of the IKE_SA object. + * + * The old state_t object gets not destroyed. It's the callers duty to + * make sure old state is destroyed (Normally the old state is the caller ). + * + * @param this calling object + * @param state pointer to the new state_t object */ - logger_t *logger; + void (*set_new_state) (protected_ike_sa_t *this,state_t *state); }; 
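Review bot: The documentation of `set_last_requested_message` and `set_last_responded_message` does not say who owns `message` when FAILED is returned. The initiator_init.c change in this commit destroys the message itself on that path, so ownership appears to pass only on SUCCESS; a line such as `* On FAILED the message is not stored and remains owned by the caller.` would make that explicit. In the `set_last_responded_message` block, "last requested message" should read "last responded message" and `* return` is missing its `@`. For `set_my_host`, `set_other_host` and `set_prf`, "object gets not cloned" would be clearer as "the IKE_SA takes ownership of the object and destroys it".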
diff --git a/Source/charon/sa/states/ike_auth_requested.c b/Source/charon/sa/states/ike_auth_requested.c index 4681b64b0..43af215c2 100644 --- a/Source/charon/sa/states/ike_auth_requested.c +++ b/Source/charon/sa/states/ike_auth_requested.c @@ -47,9 +47,8 @@ struct private_ike_auth_requested_t { /** * Implements state_t.get_state */ -static status_t process_message(private_ike_auth_requested_t *this, message_t *message, state_t **new_state) +static status_t process_message(private_ike_auth_requested_t *this, message_t *message) { - *new_state = (state_t *) this; return SUCCESS; } @@ -83,7 +82,7 @@ ike_auth_requested_t *ike_auth_requested_create(protected_ike_sa_t *ike_sa) } /* interface functions */ - this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *,state_t **)) process_message; + this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *)) process_message; this->public.state_interface.get_state = (ike_sa_state_t (*) (state_t *)) get_state; this->public.state_interface.destroy = (status_t (*) (state_t *)) destroy; diff --git a/Source/charon/sa/states/ike_sa_established.c b/Source/charon/sa/states/ike_sa_established.c index 769ac8c4c..f9c68f162 100644 --- a/Source/charon/sa/states/ike_sa_established.c +++ b/Source/charon/sa/states/ike_sa_established.c @@ -47,9 +47,8 @@ struct private_ike_sa_established_t { /** * Implements state_t.get_state */ -static status_t process_message(private_ike_sa_established_t *this, message_t *message, state_t **new_state) +static status_t process_message(private_ike_sa_established_t *this, message_t *message) { - *new_state = (state_t *) this; return SUCCESS; } 
@@ -83,7 +82,7 @@ ike_sa_established_t *ike_sa_established_create(protected_ike_sa_t *ike_sa) } /* interface functions */ - this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *,state_t **)) process_message; + this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *)) process_message; this->public.state_interface.get_state = (ike_sa_state_t (*) (state_t *)) get_state; this->public.state_interface.destroy = (status_t (*) (state_t *)) destroy; diff --git a/Source/charon/sa/states/ike_sa_init_requested.c b/Source/charon/sa/states/ike_sa_init_requested.c index 040942aee..510697720 100644 --- a/Source/charon/sa/states/ike_sa_init_requested.c +++ b/Source/charon/sa/states/ike_sa_init_requested.c @@ -85,12 +85,14 @@ struct private_ike_sa_init_requested_t { /** * Implements state_t.get_state */ -static status_t process_message(private_ike_sa_init_requested_t *this, message_t *message, state_t **new_state) +static status_t process_message(private_ike_sa_init_requested_t *this, message_t *message) { - status_t status; - iterator_t *payloads; - exchange_type_t exchange_type; - u_int64_t responder_spi; + status_t status; + iterator_t *payloads; + exchange_type_t exchange_type; + u_int64_t responder_spi; + ike_sa_id_t *ike_sa_id; + exchange_type = message->get_exchange_type(message); if (exchange_type != IKE_SA_INIT) @@ -114,7 +116,8 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t } responder_spi = message->get_responder_spi(message); - this->ike_sa->ike_sa_id->set_responder_spi(this->ike_sa->ike_sa_id,responder_spi); + ike_sa_id = this->ike_sa->public.get_id(&(this->ike_sa->public)); + ike_sa_id->set_responder_spi(ike_sa_id,responder_spi); /* iterate over incoming payloads */ status = message->get_payload_iterator(message, &payloads); 
@@ -138,7 +141,9 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t encryption_algorithm_t encryption_algorithm = ENCR_UNDEFINED; pseudo_random_function_t pseudo_random_function = PRF_UNDEFINED; integrity_algorithm_t integrity_algorithm = AUTH_UNDEFINED; - + prf_t *prf; + + /* get the list of suggested proposals */ status = sa_payload->create_proposal_substructure_iterator(sa_payload, &suggested_proposals, TRUE); if (status != SUCCESS) @@ -151,7 +156,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t /* now let the configuration-manager return the transforms for the given proposal*/ this->logger->log(this->logger, CONTROL | MOST, "Get transforms for suggested proposal"); status = global_configuration_manager->get_transforms_for_host_and_proposals(global_configuration_manager, - this->ike_sa->other.host, suggested_proposals, &encryption_algorithm,&pseudo_random_function,&integrity_algorithm); + this->ike_sa->get_other_host(this->ike_sa), suggested_proposals, &encryption_algorithm,&pseudo_random_function,&integrity_algorithm); if (status != SUCCESS) { this->logger->log(this->logger, ERROR | MORE, "Suggested proposals not supported!"); @@ -161,13 +166,14 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t } suggested_proposals->destroy(suggested_proposals); - this->ike_sa->prf = prf_create(pseudo_random_function); - if (this->ike_sa->prf == NULL) + prf = prf_create(pseudo_random_function); + if (prf == NULL) { this->logger->log(this->logger, ERROR | MORE, "PRF type not supported"); payloads->destroy(payloads); return FAILED; } + this->ike_sa->set_prf(this->ike_sa,prf); /* ok, we have what we need for sa_payload */ 
@@ -251,12 +257,10 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t * * TODO * - * Create PRF+ object - * - * Create Keys for next process - * * Send IKE_SA_AUTH request * + * Make state change + * ****************************/ @@ -269,7 +273,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t // response->destroy(response); - *new_state = (state_t *) this; + return SUCCESS; } @@ -325,7 +329,7 @@ ike_sa_init_requested_t *ike_sa_init_requested_create(protected_ike_sa_t *ike_sa } /* interface functions */ - this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *,state_t **)) process_message; + this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *)) process_message; this->public.state_interface.get_state = (ike_sa_state_t (*) (state_t *)) get_state; this->public.state_interface.destroy = (status_t (*) (state_t *)) destroy; @@ -335,7 +339,7 @@ ike_sa_init_requested_t *ike_sa_init_requested_create(protected_ike_sa_t *ike_sa this->received_nonce.len = 0; this->shared_secret.ptr = NULL; this->shared_secret.len = 0; - this->logger = this->ike_sa->logger; + this->logger = this->ike_sa->get_logger(this->ike_sa); this->diffie_hellman = diffie_hellman; this->sent_nonce = sent_nonce; this->dh_group_priority = dh_group_priority; diff --git a/Source/charon/sa/states/ike_sa_init_responded.c b/Source/charon/sa/states/ike_sa_init_responded.c index 5c7ba0927..7bc3ee4ea 100644 --- a/Source/charon/sa/states/ike_sa_init_responded.c +++ b/Source/charon/sa/states/ike_sa_init_responded.c @@ -71,9 +71,8 @@ struct private_ike_sa_init_responded_t { /** * Implements state_t.get_state */ -static status_t process_message(private_ike_sa_init_responded_t *this, message_t *message, state_t **new_state) +static status_t process_message(private_ike_sa_init_responded_t *this, message_t *message) { - *new_state = (state_t *) this; return SUCCESS; } 
@@ -119,13 +118,13 @@ ike_sa_init_responded_t *ike_sa_init_responded_create(protected_ike_sa_t *ike_sa } /* interface functions */ - this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *,state_t **)) process_message; + this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *)) process_message; this->public.state_interface.get_state = (ike_sa_state_t (*) (state_t *)) get_state; this->public.state_interface.destroy = (status_t (*) (state_t *)) destroy; /* private data */ this->ike_sa = ike_sa; - this->logger = this->ike_sa->logger; + this->logger = this->ike_sa->get_logger(this->ike_sa); this->shared_secret = shared_secret; this->received_nonce = received_nonce; this->sent_nonce = sent_nonce; diff --git a/Source/charon/sa/states/initiator_init.c b/Source/charon/sa/states/initiator_init.c index c5acbd1e3..133d24097 100644 --- a/Source/charon/sa/states/initiator_init.c +++ b/Source/charon/sa/states/initiator_init.c 
@@ -146,29 +146,35 @@ struct private_initiator_init_t { /** * Implements function initiator_init_t.initiate_connection. */ -static status_t initiate_connection (private_initiator_init_t *this, char *name, state_t **new_state) +static status_t initiate_connection (private_initiator_init_t *this, char *name) { iterator_t *proposal_iterator; ike_sa_init_requested_t *next_state; message_t *message; packet_t *packet; status_t status; + host_t *my_host; + host_t *other_host; + randomizer_t *randomizer; + this->logger->log(this->logger, CONTROL, "Initializing connection %s",name); - status = global_configuration_manager->get_local_host(global_configuration_manager, name, &(this->ike_sa->me.host)); + status = global_configuration_manager->get_local_host(global_configuration_manager, name, &my_host); if (status != SUCCESS) { this->logger->log(this->logger, ERROR | MORE, "Could not retrieve local host configuration information for %s",name); return INVALID_ARG; } + this->ike_sa->set_my_host(this->ike_sa,my_host); - status = global_configuration_manager->get_remote_host(global_configuration_manager, name, &(this->ike_sa->other.host)); + status = global_configuration_manager->get_remote_host(global_configuration_manager, name, &other_host); if (status != SUCCESS) { this->logger->log(this->logger, ERROR | MORE, "Could not retrieve remote host configuration information for %s",name); return INVALID_ARG; } + this->ike_sa->set_other_host(this->ike_sa,other_host); status = global_configuration_manager->get_dh_group_number(global_configuration_manager, name, &(this->dh_group_number), this->dh_group_priority); if (status != SUCCESS) 
@@ -184,7 +190,7 @@ static status_t initiate_connection (private_initiator_init_t *this, char *name, return status; } - status = global_configuration_manager->get_proposals_for_host(global_configuration_manager, this->ike_sa->other.host, proposal_iterator); + status = global_configuration_manager->get_proposals_for_host(global_configuration_manager, this->ike_sa->get_other_host(this->ike_sa), proposal_iterator); /* not needed anymore */ proposal_iterator->destroy(proposal_iterator); if (status != SUCCESS) @@ -214,7 +220,8 @@ static status_t initiate_connection (private_initiator_init_t *this, char *name, } this ->logger->log(this->logger, CONTROL|MOST, "Get pseudo random bytes for nonce"); - if (this->ike_sa->randomizer->allocate_pseudo_random_bytes(this->ike_sa->randomizer, NONCE_SIZE, &(this->sent_nonce)) != SUCCESS) + randomizer = this->ike_sa->get_randomizer(this->ike_sa); + if (randomizer->allocate_pseudo_random_bytes(randomizer, NONCE_SIZE, &(this->sent_nonce)) != SUCCESS) { this->logger->log(this->logger, ERROR, "Could not create nonce!"); return OUT_OF_RES; 
@@ -253,29 +260,27 @@ static status_t initiate_connection (private_initiator_init_t *this, char *name, /* state can now be changed */ this ->logger->log(this->logger, CONTROL|MOST, "Create next state object"); next_state = ike_sa_init_requested_create(this->ike_sa, this->dh_group_number, this->diffie_hellman, this->sent_nonce); - if (next_state == NULL) { this ->logger->log(this->logger, ERROR, "Fatal error: could not create next state object of type ike_sa_init_requested_t"); + message->destroy(message); return FAILED; } - if ( this->ike_sa->last_requested_message != NULL) + /* last message can now be set */ + status = this->ike_sa->set_last_requested_message(this->ike_sa, message); + + if (status != SUCCESS) { - /* destroy message */ - this ->logger->log(this->logger, CONTROL|MOST, "Destroy stored last requested message"); - this->ike_sa->last_requested_message->destroy(this->ike_sa->last_requested_message); + this->logger->log(this->logger, ERROR, "Could not set last requested message"); + (next_state->state_interface).destroy(&(next_state->state_interface)); + message->destroy(message); + return status; } - /* message is set after state create */ - this ->logger->log(this->logger, CONTROL|MOST, "replace last requested message with current one"); - this->ike_sa->last_requested_message = message; - - /* message counter can now be increased */ - this ->logger->log(this->logger, CONTROL|MOST, "Increate message counter for outgoing messages"); - this->ike_sa->message_id_out++; + /* state can now be changed */ + this->ike_sa->set_new_state(this->ike_sa,(state_t *) next_state); - *new_state = (state_t *) next_state; /* state has NOW changed :-) */ this ->logger->log(this->logger, CONTROL|MORE, "Changed state of IKE_SA from %s to %s",mapping_find(ike_sa_state_m,INITIATOR_INIT),mapping_find(ike_sa_state_m,IKE_SA_INIT_REQUESTED) ); 
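Review bot: On the new error path after `set_last_requested_message` fails, `next_state` is destroyed although it was created from `this->diffie_hellman` and `this->sent_nonce`, which this state object still references. If the destroy function of ike_sa_init_requested_t releases those two (its body is not part of this diff), the later destroy of this initiator_init_t would release them a second time. Confirm which object owns them. If the next state does, this path needs a destroy variant that leaves them alone, or this state's copies have to be cleared once `ike_sa_init_requested_create` has succeeded. initiate_connection starts and ends outside this hunk.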
@@ -589,12 +594,12 @@ initiator_init_t *initiator_init_create(protected_ike_sa_t *ike_sa) } /* interface functions */ - this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *,state_t **)) process_message; + this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *)) process_message; this->public.state_interface.get_state = (ike_sa_state_t (*) (state_t *)) get_state; this->public.state_interface.destroy = (status_t (*) (state_t *)) destroy; /* public functions */ - this->public.initiate_connection = (status_t (*)(initiator_init_t *, char *, state_t **)) initiate_connection; + this->public.initiate_connection = (status_t (*)(initiator_init_t *, char *)) initiate_connection; /* private functions */ this->destroy_after_state_change = destroy_after_state_change; @@ -606,7 +611,7 @@ initiator_init_t *initiator_init_create(protected_ike_sa_t *ike_sa) /* private data */ this->ike_sa = ike_sa; this->dh_group_priority = 1; - this->logger = this->ike_sa->logger; + this->logger = this->ike_sa->get_logger(this->ike_sa); this->proposals = linked_list_create(); this->sent_nonce = CHUNK_INITIALIZER; if (this->proposals == NULL) diff --git a/Source/charon/sa/states/initiator_init.h b/Source/charon/sa/states/initiator_init.h index c61c137d1..c150eb6b1 100644 --- a/Source/charon/sa/states/initiator_init.h +++ b/Source/charon/sa/states/initiator_init.h @@ -46,10 +46,9 @@ struct initiator_init_t { * * @param this calling object * @param name name of the configuration - * @param new_state new state if call succeeded * @return TODO */ - status_t (*initiate_connection) (initiator_init_t *this, char *name, state_t **new_state); + status_t (*initiate_connection) (initiator_init_t *this, char *name); }; /** diff --git a/Source/charon/sa/states/responder_init.c b/Source/charon/sa/states/responder_init.c index d68bfc62c..9c6067faa 100644 --- a/Source/charon/sa/states/responder_init.c +++ b/Source/charon/sa/states/responder_init.c 
@@ -142,7 +142,7 @@ struct private_responder_init_t { /** * Implements state_t.get_state */ -static status_t process_message(private_responder_init_t *this, message_t *message, state_t **new_state) +static status_t process_message(private_responder_init_t *this, message_t *message) { iterator_t *payloads; host_t *source, *destination; @@ -153,6 +153,9 @@ static status_t process_message(private_responder_init_t *this, message_t *messa chunk_t shared_secret; exchange_type_t exchange_type; ike_sa_init_responded_t *next_state; + host_t *my_host; + host_t *other_host; + randomizer_t *randomizer; exchange_type = message->get_exchange_type(message); if (exchange_type != IKE_SA_INIT) @@ -172,8 +175,23 @@ static status_t process_message(private_responder_init_t *this, message_t *messa message->get_destination(message, &destination); /* we need to clone them, since we destroy the message later */ - destination->clone(destination, &(this->ike_sa->me.host)); - source->clone(source, &(this->ike_sa->other.host)); + status = destination->clone(destination, &my_host); + if (status != SUCCESS) + { + this->logger->log(this->logger, ERROR, "Fatal error: could not clone my host informations"); + return status; + } + status = source->clone(source, &other_host); + if (status != SUCCESS) + { + this->logger->log(this->logger, ERROR, "Fatal error: could not clone other host informations"); + my_host->destroy(my_host); + return status; + } + + + this->ike_sa->set_my_host(this->ike_sa, my_host); + this->ike_sa->set_other_host(this->ike_sa, other_host); /* parse incoming message */ status = message->parse_body(message); 
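Review bot: In the hunk at line 175, `set_my_host` and `set_other_host` store addresses taken from the packet before `message->parse_body(message)` has run, so a message that fails parsing still leaves its source and destination recorded on the IKE_SA. Unless something in `parse_body` reads them, moving the two setter calls below the `parse_body` check (and destroying `my_host` and `other_host` on that failure path) keeps unvalidated input out of the SA. Whether the setters release a host that is already set is not visible here; if they do not, every repeated call into this state leaks two `host_t` objects, so that rule should be documented at the setters. The comment above the function still says `Implements state_t.get_state` although it sits on `process_message`. process_message continues outside the hunk.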
@@ -205,9 +223,10 @@ static status_t process_message(private_responder_init_t *this, message_t *messa { sa_payload_t *sa_payload = (sa_payload_t*)payload; iterator_t *suggested_proposals, *accepted_proposals; - encryption_algorithm_t encryption_algorithm = ENCR_UNDEFINED; - pseudo_random_function_t pseudo_random_function = PRF_UNDEFINED; - integrity_algorithm_t integrity_algorithm = AUTH_UNDEFINED; + encryption_algorithm_t encryption_algorithm = ENCR_UNDEFINED; + pseudo_random_function_t pseudo_random_function = PRF_UNDEFINED; + integrity_algorithm_t integrity_algorithm = AUTH_UNDEFINED; + prf_t *prf; status = this->proposals->create_iterator(this->proposals, &accepted_proposals, FALSE); if (status != SUCCESS) @@ -229,7 +248,7 @@ static status_t process_message(private_responder_init_t *this, message_t *messa /* now let the configuration-manager select a subset of the proposals */ status = global_configuration_manager->select_proposals_for_host(global_configuration_manager, - this->ike_sa->other.host, suggested_proposals, accepted_proposals); + this->ike_sa->get_other_host(this->ike_sa), suggested_proposals, accepted_proposals); if (status != SUCCESS) { this->logger->log(this->logger, CONTROL | MORE, "No proposal of suggested proposals selected"); 
@@ -246,7 +265,7 @@ static status_t process_message(private_responder_init_t *this, message_t *messa /* now let the configuration-manager return the transforms for the given proposal*/ this->logger->log(this->logger, CONTROL | MOST, "Get transforms for accepted proposal"); status = global_configuration_manager->get_transforms_for_host_and_proposals(global_configuration_manager, - this->ike_sa->other.host, accepted_proposals, &encryption_algorithm,&pseudo_random_function,&integrity_algorithm); + this->ike_sa->get_other_host(this->ike_sa), accepted_proposals, &encryption_algorithm,&pseudo_random_function,&integrity_algorithm); if (status != SUCCESS) { this->logger->log(this->logger, ERROR | MORE, "Accepted proposals not supported?!"); @@ -256,13 +275,14 @@ static status_t process_message(private_responder_init_t *this, message_t *messa } accepted_proposals->destroy(accepted_proposals); - this->ike_sa->prf = prf_create(pseudo_random_function); - if (this->ike_sa->prf == NULL) + prf = prf_create(pseudo_random_function); + if (prf == NULL) { this->logger->log(this->logger, ERROR | MORE, "PRF type not supported"); payloads->destroy(payloads); return FAILED; } + this->ike_sa->set_prf(this->ike_sa,prf); this->logger->log(this->logger, CONTROL | MORE, "SA Payload processed"); /* ok, we have what we need for sa_payload (proposals are stored in this->proposals)*/ @@ -278,7 +298,7 @@ static status_t process_message(private_responder_init_t *this, message_t *messa group = ke_payload->get_dh_group_number(ke_payload); status = global_configuration_manager->is_dh_group_allowed_for_host(global_configuration_manager, - this->ike_sa->other.host, group, &allowed_group); + this->ike_sa->get_other_host(this->ike_sa), group, &allowed_group); if (status != SUCCESS) { 
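Review bot: In the hunk at line 275, `set_prf` is handed a freshly created `prf` from what appears to be per-payload handling, and nothing shows what happens to a PRF already stored on the IKE_SA. If the setter only overwrites the pointer, a message carrying more than one SA payload would leak the earlier object; if it can fail, the unchecked call leaves `prf` without an owner. Worth stating the ownership rule at the call, e.g. `/* ike_sa takes ownership of prf and releases any previous one */`, and checking the return value if the setter has one. The enclosing payload handling starts and ends outside the hunk.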
@@ -355,8 +375,11 @@ static status_t process_message(private_responder_init_t *this, message_t *messa this->logger->log(this->logger, CONTROL | MORE, "Request successfully handled. Going to create reply."); - this->logger->log(this->logger, CONTROL | MOST, "Going to create nonce."); - if (this->ike_sa->randomizer->allocate_pseudo_random_bytes(this->ike_sa->randomizer, NONCE_SIZE, &(this->sent_nonce)) != SUCCESS) + this->logger->log(this->logger, CONTROL | MOST, "Going to create nonce."); + + randomizer = this->ike_sa->get_randomizer(this->ike_sa); + + if (randomizer->allocate_pseudo_random_bytes(randomizer, NONCE_SIZE, &(this->sent_nonce)) != SUCCESS) { this->logger->log(this->logger, ERROR, "Could not create nonce!"); return OUT_OF_RES; @@ -447,6 +470,7 @@ static status_t process_message(private_responder_init_t *this, message_t *messa if (status != SUCCESS) { this->logger->log(this->logger, ERROR, "Could not add packet to send queue"); + packet->destroy(packet); return status; } 
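Review bot: In the hunk at line 470, the send-queue failure path now destroys `packet` but still returns without releasing `response`, which is alive at this point because it is passed to `set_last_responded_message` further down. Unless `response` is freed in lines outside the hunk, add `response->destroy(response);` before `return status;`. It is also worth confirming that the queue's add call never takes ownership of `packet` when it fails, otherwise the new `packet->destroy(packet);` becomes a double free. process_message continues outside the hunk.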
@@ -462,19 +486,19 @@ static status_t process_message(private_responder_init_t *this, message_t *messa return FAILED; } - if ( this->ike_sa->last_responded_message != NULL) + /* last message can now be set */ + status = this->ike_sa->set_last_responded_message(this->ike_sa, response); + + if (status != SUCCESS) { - /* destroy message */ - this ->logger->log(this->logger, CONTROL|MOST, "Destroy stored last responded message"); - this->ike_sa->last_responded_message->destroy(this->ike_sa->last_responded_message); + this->logger->log(this->logger, ERROR, "Could not set last responded message"); + response->destroy(response); + (next_state->state_interface).destroy(&(next_state->state_interface)); + return status; } - this->ike_sa->last_responded_message = response; - /* message counter can now be increased */ - this ->logger->log(this->logger, CONTROL|MOST, "Increate message counter for incoming messages"); - this->ike_sa->message_id_in++; - - *new_state = (state_t *) next_state; + /* state can now be changed */ + this->ike_sa->set_new_state(this->ike_sa, (state_t *) next_state); /* state has NOW changed :-) */ this ->logger->log(this->logger, CONTROL|MORE, "Changed state of IKE_SA from %s to %s",mapping_find(ike_sa_state_m,RESPONDER_INIT),mapping_find(ike_sa_state_m,IKE_SA_INIT_RESPONDED) ); @@ -717,7 +741,7 @@ responder_init_t *responder_init_create(protected_ike_sa_t *ike_sa) } /* interface functions */ - this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *,state_t **)) process_message; + this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *)) process_message; this->public.state_interface.get_state = (ike_sa_state_t (*) (state_t *)) get_state; this->public.state_interface.destroy = (status_t (*) (state_t *)) destroy; 
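Review bot: By the time `set_last_responded_message` can fail, the reply packet has already been handed to the send queue (hunk at line 470), so this error path leaves the peer holding a valid IKE_SA_INIT response while the local SA stays in RESPONDER_INIT with `next_state` destroyed. Consider committing the SA-side changes first and queueing the packet last, or at least record the consequence in a comment such as `/* reply already queued: caller must delete this IKE_SA on failure */`. The removed `message_id_in++` has no replacement in the hunk; presumably the setter now advances the counter, which should be stated in its documentation. process_message starts outside the hunk.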
@@ -729,7 +753,7 @@ responder_init_t *responder_init_create(protected_ike_sa_t *ike_sa) /* private data */ this->ike_sa = ike_sa; - this->logger = this->ike_sa->logger; + this->logger = this->ike_sa->get_logger(this->ike_sa); this->sent_nonce.ptr = NULL; this->sent_nonce.len = 0; this->received_nonce.ptr = NULL; diff --git a/Source/charon/sa/states/state.h b/Source/charon/sa/states/state.h index e888eaf31..7a8f8430c 100644 --- a/Source/charon/sa/states/state.h +++ b/Source/charon/sa/states/state.h @@ -87,13 +87,11 @@ struct state_t { * * @param this state_t object * @param[in] message message_t object to process - * @param this state_t pointer to the new state_t object * @return * - SUCCESSFUL if succeeded * - FAILED otherwise */ - status_t (*process_message) (state_t *this,message_t *message,state_t **new_state); - + status_t (*process_message) (state_t *this,message_t *message); /** * @brief Get the current state |