authorMartin Willi <martin@strongswan.org>2005-12-02 13:45:47 +0000
committerMartin Willi <martin@strongswan.org>2005-12-02 13:45:47 +0000
commitccb37df25d6a3f51d7cd0116e26106c47b94edcf (patch)
tree0a0d19b434de3f782269137f4fd915f3a08138cb /Source
parent5534ee84762511895f501a36dc0914783569d5ff (diff)
- state ike_auth_requested
- now establishes the IKE_SA in both directions
Diffstat (limited to 'Source')
-rw-r--r--Source/charon/encoding/message.c1
-rw-r--r--Source/charon/sa/ike_sa.c11
-rw-r--r--Source/charon/sa/states/ike_auth_requested.c49
-rw-r--r--Source/charon/sa/states/ike_auth_requested.h2
-rw-r--r--Source/charon/sa/states/ike_sa_init_requested.c20
-rw-r--r--Source/charon/sa/states/ike_sa_init_responded.c2
-rw-r--r--Source/charon/testcases/testcases.c4
7 files changed, 44 insertions, 45 deletions
diff --git a/Source/charon/encoding/message.c b/Source/charon/encoding/message.c
index 84f174365..b9f34e5d5 100644
--- a/Source/charon/encoding/message.c
+++ b/Source/charon/encoding/message.c
@@ -821,7 +821,6 @@ static status_t verify(private_message_t *this)
}
}
iterator->destroy(iterator);
-
return SUCCESS;
}
diff --git a/Source/charon/sa/ike_sa.c b/Source/charon/sa/ike_sa.c
index 46807de51..a974ce3e8 100644
--- a/Source/charon/sa/ike_sa.c
+++ b/Source/charon/sa/ike_sa.c
@@ -458,7 +458,7 @@ static status_t create_delete_job(private_ike_sa_t *this)
*/
static void set_new_state (private_ike_sa_t *this, state_t *state)
{
- this->logger->log(this->logger, ERROR, "Change current state %s to %s",mapping_find(ike_sa_state_m,this->current_state->get_state(this->current_state)),mapping_find(ike_sa_state_m,state->get_state(state)));
+ this->logger->log(this->logger, CONTROL, "Change current state %s to %s",mapping_find(ike_sa_state_m,this->current_state->get_state(this->current_state)),mapping_find(ike_sa_state_m,state->get_state(state)));
this->current_state = state;
}
@@ -628,9 +628,6 @@ static signer_t *get_signer_initiator (private_ike_sa_t *this)
}
/**
-<<<<<<< .mine
- * Implementation of protected_ike_sa_t.send_request.
-=======
* Implementation of protected_ike_sa_t.get_crypter_responder.
*/
static crypter_t *get_crypter_responder(private_ike_sa_t *this)
@@ -646,10 +643,8 @@ static signer_t *get_signer_responder (private_ike_sa_t *this)
return this->signer_responder;
}
-
/**
- * Implementation of protected_ike_sa_t.set_last_requested_message.
->>>>>>> .r660
+ * Implementation of protected_ike_sa_t.send_request.
*/
static status_t send_request (private_ike_sa_t *this,message_t * message)
{
@@ -704,7 +699,7 @@ static status_t send_response (private_ike_sa_t *this,message_t * message)
return FAILED;
}
- status = message->generate(message, this->crypter_initiator,this->signer_initiator, &packet);
+ status = message->generate(message, this->crypter_responder,this->signer_responder, &packet);
if (status != SUCCESS)
{
this->logger->log(this->logger, ERROR, "Could not generate packet from message");
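Review bot: send_response now always protects the outgoing message with `this->crypter_responder` / `this->signer_responder`, which ties the key direction to the message type instead of to the peer that originally initiated the IKE_SA. In IKEv2 the two key directions are selected by the sender's original role, so this holds only while the original initiator never has to answer a request from the peer (send_request is outside this hunk; presumably it uses the initiator pair). I would add a comment above the call, for example `/* responder keys: valid only while responses are sent by the original responder */`, or select the pair from the SA's role once both sides can send requests. The body of send_response starts and ends outside the hunk.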
diff --git a/Source/charon/sa/states/ike_auth_requested.c b/Source/charon/sa/states/ike_auth_requested.c
index eb4ccae6b..82d7ca934 100644
--- a/Source/charon/sa/states/ike_auth_requested.c
+++ b/Source/charon/sa/states/ike_auth_requested.c
@@ -45,16 +45,6 @@ struct private_ike_auth_requested_t {
ike_auth_requested_t public;
/**
- * Sent nonce value
- */
- chunk_t sent_nonce;
-
- /**
- * Received nonce
- */
- chunk_t received_nonce;
-
- /**
* Assigned IKE_SA
*/
protected_ike_sa_t *ike_sa;
@@ -89,13 +79,11 @@ static status_t process_message(private_ike_auth_requested_t *this, message_t *r
crypter_t *crypter;
iterator_t *payloads;
exchange_type_t exchange_type;
- id_payload_t *idr_payload;
+ id_payload_t *idr_payload = NULL;
auth_payload_t *auth_payload;
sa_payload_t *sa_payload;
ts_payload_t *tsi_payload, *tsr_payload;
- return SUCCESS;
-
exchange_type = request->get_exchange_type(request);
if (exchange_type != IKE_AUTH)
{
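Review bot: Only `idr_payload` gets a defined initial value here; `auth_payload`, `sa_payload`, `tsi_payload` and `tsr_payload` remain uninitialized, and with the early `return SUCCESS;` gone the function now really parses a reply supplied by the peer. The payload loop is outside the hunk, so I cannot see whether missing payloads are rejected; if they are not, a reply that omits one of them passes an indeterminate pointer to the processing that follows. Initialise all of them the same way, e.g. `auth_payload_t *auth_payload = NULL;`, `sa_payload_t *sa_payload = NULL;`, `ts_payload_t *tsi_payload = NULL, *tsr_payload = NULL;`, and fail before processing when a mandatory one is still NULL. process_message continues well past this hunk.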
@@ -172,8 +160,7 @@ static status_t process_message(private_ike_auth_requested_t *this, message_t *r
}
/* iterator can be destroyed */
payloads->destroy(payloads);
-
-
+
/* add payloads to it */
status = this->process_idr_payload(this, idr_payload);
if (status != SUCCESS)
@@ -211,6 +198,7 @@ static status_t process_message(private_ike_auth_requested_t *this, message_t *r
/* create new state */
this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa));
+ this->public.state_interface.destroy(&(this->public.state_interface));
return SUCCESS;
}
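Review bot: The added `destroy` call frees the state object from inside its own method, so `this` is dangling from that line on; it is safe only because `return SUCCESS;` follows immediately and reads no member. A comment such as `/* state object is freed here, this must not be touched afterwards */` would keep a later edit from adding a log call or field access after it. The failure paths earlier in process_message are outside this hunk, so what happens to the state object there cannot be confirmed from here.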
@@ -221,19 +209,24 @@ static status_t process_idr_payload(private_ike_auth_requested_t *this, id_paylo
{
identification_t *other_id, *configured_other_id;
- other_id = idr_payload->get_identification(idr_payload);
-
- configured_other_id = this->sa_config->get_other_id(this->sa_config);
- if (configured_other_id)
+ /* idr is optional */
+ if (idr_payload)
{
- if (!other_id->equals(other_id, configured_other_id))
+ other_id = idr_payload->get_identification(idr_payload);
+
+ configured_other_id = this->sa_config->get_other_id(this->sa_config);
+ if (configured_other_id)
{
- this->logger->log(this->logger, ERROR, "IKE_AUTH reply didn't contain requested id");
- return FAILED;
+ if (!other_id->equals(other_id, configured_other_id))
+ {
+ this->logger->log(this->logger, ERROR, "IKE_AUTH reply didn't contain requested id");
+ return FAILED;
+ }
}
+
+ other_id->destroy(other_id);
+ /* TODO do we have to store other_id somewhere ? */
}
-
- /* TODO do we have to store other_id somewhere ? */
return SUCCESS;
}
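Review bot: Treating IDr as optional means the comparison against the configured peer identity is skipped entirely when the reply carries no IDr payload, so a responder can avoid the check simply by leaving the payload out; when `get_other_id` returns an id, a missing IDr should fail. Separately, the mismatch branch returns `FAILED` before the newly added `other_id->destroy(other_id)`, which leaks the identification on exactly the path a misbehaving peer triggers. The rewrite below fetches the configured id first, rejects a missing IDr when one is configured, and releases `other_id` on both outcomes. The whole body of process_idr_payload is inside this hunk; its signature is in the hunk header.

```c
static status_t process_idr_payload(private_ike_auth_requested_t *this, id_payload_t *idr_payload)
{
	identification_t *other_id, *configured_other_id;
	status_t status = SUCCESS;

	configured_other_id = this->sa_config->get_other_id(this->sa_config);
	if (idr_payload == NULL)
	{
		/* no IDr: acceptable only when no peer id is configured */
		if (configured_other_id)
		{
			this->logger->log(this->logger, ERROR, "IKE_AUTH reply didn't contain requested id");
			return FAILED;
		}
		return SUCCESS;
	}

	other_id = idr_payload->get_identification(idr_payload);
	if (configured_other_id && !other_id->equals(other_id, configured_other_id))
	{
		this->logger->log(this->logger, ERROR, "IKE_AUTH reply didn't contain requested id");
		status = FAILED;
	}
	/* released on both outcomes */
	other_id->destroy(other_id);
	return status;
}
```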
@@ -345,15 +338,13 @@ static ike_sa_state_t get_state(private_ike_auth_requested_t *this)
*/
static void destroy(private_ike_auth_requested_t *this)
{
- allocator_free(this->sent_nonce.ptr);
- allocator_free(this->received_nonce.ptr);
allocator_free(this);
}
/*
* Described in header.
*/
-ike_auth_requested_t *ike_auth_requested_create(protected_ike_sa_t *ike_sa, chunk_t sent_nonce, chunk_t received_nonce)
+ike_auth_requested_t *ike_auth_requested_create(protected_ike_sa_t *ike_sa)
{
private_ike_auth_requested_t *this = allocator_alloc_thing(private_ike_auth_requested_t);
@@ -371,9 +362,7 @@ ike_auth_requested_t *ike_auth_requested_create(protected_ike_sa_t *ike_sa, chun
/* private data */
this->ike_sa = ike_sa;
- this->sent_nonce = sent_nonce;
- this->received_nonce = received_nonce;
-
+ this->logger = this->ike_sa->get_logger(this->ike_sa);
return &(this->public);
}
diff --git a/Source/charon/sa/states/ike_auth_requested.h b/Source/charon/sa/states/ike_auth_requested.h
index 0c502c371..5b3512657 100644
--- a/Source/charon/sa/states/ike_auth_requested.h
+++ b/Source/charon/sa/states/ike_auth_requested.h
@@ -52,6 +52,6 @@ struct ike_auth_requested_t {
*
* @ingroup states
*/
-ike_auth_requested_t *ike_auth_requested_create(protected_ike_sa_t *ike_sa, chunk_t sent_nonce, chunk_t received_nonce);
+ike_auth_requested_t *ike_auth_requested_create(protected_ike_sa_t *ike_sa);
#endif /*IKE_AUTH_REQUESTED_H_*/
diff --git a/Source/charon/sa/states/ike_sa_init_requested.c b/Source/charon/sa/states/ike_sa_init_requested.c
index 62fa172a3..b5ebd1283 100644
--- a/Source/charon/sa/states/ike_sa_init_requested.c
+++ b/Source/charon/sa/states/ike_sa_init_requested.c
@@ -394,7 +394,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
/* state can now be changed */
this->logger->log(this->logger, CONTROL|MOST, "Create next state object");
- next_state = ike_auth_requested_create(this->ike_sa,this->sent_nonce,this->received_nonce);
+ next_state = ike_auth_requested_create(this->ike_sa);
/* state can now be changed */
this->ike_sa->set_new_state(this->ike_sa,(state_t *) next_state);
@@ -517,9 +517,14 @@ static void build_tsi_payload (private_ike_sa_init_requested_t *this, payload_t
sa_config = this->ike_sa->get_sa_config(this->ike_sa);
traffic_selectors_count = sa_config->get_traffic_selectors_initiator(sa_config,&traffic_selectors);
- printf("traffic_selectors: %d\n", traffic_selectors_count);
ts_payload = ts_payload_create_from_traffic_selectors(TRUE,traffic_selectors, traffic_selectors_count);
+ /* cleanup traffic selectors */
+ while(traffic_selectors_count--)
+ {
+ traffic_selector_t *ts = *traffic_selectors + traffic_selectors_count;
+ ts->destroy(ts);
+ }
allocator_free(traffic_selectors);
*payload = (payload_t *) ts_payload;
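Review bot: In the cleanup loop `*traffic_selectors + traffic_selectors_count` dereferences first and adds afterwards, so it computes an offset from the first selector instead of picking element `traffic_selectors_count` of the array. The expression only type-checks if `*traffic_selectors` is a `traffic_selector_t *`, and the array is freed as a single allocation right after, so it looks like an array of pointers (the declaration is outside the hunk); in that case every iteration except index 0 calls `destroy` through a pointer the config never handed out. Index the array instead: `traffic_selector_t *ts = traffic_selectors[traffic_selectors_count];`. The same loop is added to build_tsr_payload in the next hunk and needs the same change. It is also worth confirming, outside this hunk, that `ts_payload_create_from_traffic_selectors` copies the selectors and does not keep these pointers.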
@@ -538,6 +543,13 @@ static void build_tsr_payload (private_ike_sa_init_requested_t *this, payload_t
sa_config = this->ike_sa->get_sa_config(this->ike_sa);
traffic_selectors_count = sa_config->get_traffic_selectors_responder(sa_config,&traffic_selectors);
ts_payload = ts_payload_create_from_traffic_selectors(FALSE,traffic_selectors, traffic_selectors_count);
+
+ /* cleanup traffic selectors */
+ while(traffic_selectors_count--)
+ {
+ traffic_selector_t *ts = *traffic_selectors + traffic_selectors_count;
+ ts->destroy(ts);
+ }
allocator_free(traffic_selectors);
*payload = (payload_t *) ts_payload;
@@ -561,6 +573,10 @@ static void destroy_after_state_change (private_ike_sa_init_requested_t *this)
this->logger->log(this->logger, CONTROL | MOST, "Destroy diffie hellman object");
this->diffie_hellman->destroy(this->diffie_hellman);
+ this->logger->log(this->logger, CONTROL | MOST, "Destroy sent nonce");
+ allocator_free(this->sent_nonce.ptr);
+ this->logger->log(this->logger, CONTROL | MOST, "Destroy received nonce");
+ allocator_free(this->received_nonce.ptr);
this->logger->log(this->logger, CONTROL | MOST, "Destroy shared secret (secrets allready derived)");
allocator_free_chunk(&(this->shared_secret));
this->logger->log(this->logger, CONTROL | MOST, "Destroy object itself");
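Review bot: The two nonce buffers are released with `allocator_free(this->sent_nonce.ptr)` while the shared secret a few lines below goes through `allocator_free_chunk(&(...))`; using the chunk helper for all three, `allocator_free_chunk(&(this->sent_nonce));` and `allocator_free_chunk(&(this->received_nonce));`, keeps the teardown uniform. What the helper does beyond freeing is not visible here, so this is a style point. destroy_after_state_change starts and ends outside the hunk, and whether the state's ordinary destroy path also frees the nonces cannot be seen from here.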
diff --git a/Source/charon/sa/states/ike_sa_init_responded.c b/Source/charon/sa/states/ike_sa_init_responded.c
index f97bae87e..ddc9c4012 100644
--- a/Source/charon/sa/states/ike_sa_init_responded.c
+++ b/Source/charon/sa/states/ike_sa_init_responded.c
@@ -346,7 +346,7 @@ static status_t build_ts_payload(private_ike_sa_init_responded_t *this, bool ts_
size_t ts_received_count, ts_selected_count;
status_t status = SUCCESS;
ts_payload_t *ts_response;
-
+
/* build a reply payload with selected traffic selectors */
ts_received_count = request->get_traffic_selectors(request, &ts_received);
/* select ts depending on payload type */
diff --git a/Source/charon/testcases/testcases.c b/Source/charon/testcases/testcases.c
index 53e81f91e..28eea6eca 100644
--- a/Source/charon/testcases/testcases.c
+++ b/Source/charon/testcases/testcases.c
@@ -214,8 +214,8 @@ int main()
tester_t *tester = tester_create(test_output, FALSE);
-// tester->perform_tests(tester,all_tests);
- tester->perform_test(tester,&sa_config_test);
+ tester->perform_tests(tester,all_tests);
+// tester->perform_test(tester,&sa_config_test);
tester->destroy(tester);