diff options
Diffstat (limited to 'Source/charon/sa/ike_sa.c')
| -rw-r--r-- | Source/charon/sa/ike_sa.c | 405 |
1 files changed, 89 insertions, 316 deletions
diff --git a/Source/charon/sa/ike_sa.c b/Source/charon/sa/ike_sa.c index 2b1fe9421..33a7fd388 100644 --- a/Source/charon/sa/ike_sa.c +++ b/Source/charon/sa/ike_sa.c @@ -206,14 +206,13 @@ struct private_ike_sa_t { /** - * @brief implements function process_message of protected_ike_sa_t + * Implements protected_ike_sa_t.process_message. */ static status_t process_message (private_ike_sa_t *this, message_t *message) -{ +{ u_int32_t message_id; exchange_type_t exchange_type; bool is_request; - status_t status; /* we must process each request or response from remote host */ @@ -228,7 +227,7 @@ static status_t process_message (private_ike_sa_t *this, message_t *message) /* * It has to be checked, if the message has to be resent cause of lost packets! */ - if (is_request && ( message_id == (this->message_id_in - 1))) + if (is_request && (message_id == (this->message_id_in - 1))) { /* message can be resent ! */ this->logger->log(this->logger, CONTROL|MORE, "Resent message detected. Send stored reply"); @@ -257,61 +256,34 @@ static status_t process_message (private_ike_sa_t *this, message_t *message) /* now the message is processed by the current state object */ /* the current state does change the current change to the next one*/ - status = this->current_state->process_message(this->current_state,message); - - return status; + return this->current_state->process_message(this->current_state,message); } /** - * @brief Implements function build_message of protected_ike_sa_t. + * Implements protected_ike_sa_t.build_message. */ -static status_t build_message(private_ike_sa_t *this, exchange_type_t type, bool request, message_t **message) +static void build_message(private_ike_sa_t *this, exchange_type_t type, bool request, message_t **message) { - status_t status; message_t *new_message; host_t *source, *destination; this->logger->log(this->logger, CONTROL|MORE, "build empty message"); new_message = message_create(); - if (new_message == NULL) - { - this->logger->log(this->logger, ERROR, "Fatal error: could not create empty message object"); - return OUT_OF_RES; - } - - status = this->me.host->clone(this->me.host, &source); - if (status != SUCCESS) - { - this->logger->log(this->logger, ERROR, "Fatal error: could not clone my host information"); - new_message->destroy(new_message); - return status; - } - status = this->other.host->clone(this->other.host, &destination); - if (status != SUCCESS) - { - this->logger->log(this->logger, ERROR, "Fatal error: could not clone other host information"); - source->destroy(source); - new_message->destroy(new_message); - return status; - } + source = this->me.host->clone(this->me.host); + destination = this->other.host->clone(this->other.host); + new_message->set_source(new_message, source); new_message->set_destination(new_message, destination); - new_message->set_exchange_type(new_message, type); new_message->set_request(new_message, request); - new_message->set_message_id(new_message, (request) ? this->message_id_out : this->message_id_in); - new_message->set_ike_sa_id(new_message, this->ike_sa_id); - *message = new_message; - - return SUCCESS; } /** - * @brief implements function process_configuration of protected_ike_sa_t + * Implements protected_ike_sa_t.process_configuration. */ static status_t initialize_connection(private_ike_sa_t *this, char *name) { @@ -336,7 +308,7 @@ static status_t initialize_connection(private_ike_sa_t *this, char *name) } /** - * @brief implements function protected_ike_sa_t.get_id + * Implements protected_ike_sa_t.get_id. */ static ike_sa_id_t* get_id(private_ike_sa_t *this) { @@ -344,14 +316,13 @@ static ike_sa_id_t* get_id(private_ike_sa_t *this) } /** - * @brief implements function protected_ike_sa_t.compute_secrets + * Implements protected_ike_sa_t.compute_secrets. */ -static status_t compute_secrets (private_ike_sa_t *this,chunk_t dh_shared_secret,chunk_t initiator_nonce, chunk_t responder_nonce) +static void compute_secrets(private_ike_sa_t *this,chunk_t dh_shared_secret,chunk_t initiator_nonce, chunk_t responder_nonce) { chunk_t concatenated_nonces; chunk_t skeyseed; chunk_t prf_plus_seed; - status_t status; u_int64_t initiator_spi; u_int64_t responder_spi; prf_plus_t *prf_plus; @@ -362,11 +333,7 @@ static status_t compute_secrets (private_ike_sa_t *this,chunk_t dh_shared_secret */ concatenated_nonces.len = (initiator_nonce.len + responder_nonce.len); concatenated_nonces.ptr = allocator_alloc(concatenated_nonces.len); - if (concatenated_nonces.ptr == NULL) - { - this->logger->log(this->logger, ERROR, "Fatal errror: Could not allocate memory for concatenated nonces"); - return FAILED; - } + /* first is initiator */ memcpy(concatenated_nonces.ptr,initiator_nonce.ptr,initiator_nonce.len); /* second is responder */ @@ -374,28 +341,15 @@ static status_t compute_secrets (private_ike_sa_t *this,chunk_t dh_shared_secret this->logger->log_chunk(this->logger, RAW, "Nonce data", &concatenated_nonces); - /* status of set_key is not checked */ - status = this->prf->set_key(this->prf,concatenated_nonces); + this->prf->set_key(this->prf,concatenated_nonces); + + this->prf->allocate_bytes(this->prf,dh_shared_secret,&skeyseed); - status = this->prf->allocate_bytes(this->prf,dh_shared_secret,&skeyseed); - if (status != SUCCESS) - { - allocator_free_chunk(&concatenated_nonces); - this->logger->log(this->logger, ERROR, "Fatal errror: Could not allocate bytes for skeyseed"); - return status; - } allocator_free_chunk(&concatenated_nonces); prf_plus_seed.len = (initiator_nonce.len + responder_nonce.len + 16); prf_plus_seed.ptr = allocator_alloc(prf_plus_seed.len); - if (prf_plus_seed.ptr == NULL) - { - this->logger->log(this->logger, ERROR, "Fatal errror: Could not allocate memory for prf+ seed"); - allocator_free_chunk(&skeyseed); - return FAILED; - } - /* first is initiator */ memcpy(prf_plus_seed.ptr,initiator_nonce.ptr,initiator_nonce.len); @@ -412,113 +366,45 @@ static status_t compute_secrets (private_ike_sa_t *this,chunk_t dh_shared_secret this->logger->log_chunk(this->logger, PRIVATE | MORE, "PRF+ Seed", &prf_plus_seed); this->logger->log(this->logger, CONTROL | MOST, "Set new key of prf object"); - status = this->prf->set_key(this->prf,skeyseed); + this->prf->set_key(this->prf,skeyseed); allocator_free_chunk(&skeyseed); - if (status != SUCCESS) - { - this->logger->log(this->logger, ERROR, "Fatal errror: Could not allocate memory for prf+ seed"); - allocator_free_chunk(&prf_plus_seed); - return FAILED; - } - + this->logger->log(this->logger, CONTROL | MOST, "Create new prf+ object"); prf_plus = prf_plus_create(this->prf, prf_plus_seed); allocator_free_chunk(&prf_plus_seed); - if (prf_plus == NULL) - { - this->logger->log(this->logger, ERROR, "Fatal errror: prf+ object could not be created"); - return FAILED; - } - status = prf_plus->allocate_bytes(prf_plus,this->prf->get_block_size(this->prf),&(this->secrets.d_key)); - if (status != SUCCESS) - { - this->logger->log(this->logger, ERROR | MORE, "Could not allocate bytes from prf+ for Sk_d"); - return status; - } + prf_plus->allocate_bytes(prf_plus,this->prf->get_block_size(this->prf),&(this->secrets.d_key)); this->logger->log_chunk(this->logger, PRIVATE, "Sk_d secret", &(this->secrets.d_key)); - status = prf_plus->allocate_bytes(prf_plus,this->crypter_initiator->get_block_size(this->crypter_initiator),&(this->secrets.ei_key)); - if (status != SUCCESS) - { - this->logger->log(this->logger, ERROR | MORE, "Could not allocate bytes from prf+ for Sk_ei"); - return status; - } + prf_plus->allocate_bytes(prf_plus,this->crypter_initiator->get_block_size(this->crypter_initiator),&(this->secrets.ei_key)); this->logger->log_chunk(this->logger, PRIVATE, "Sk_ei secret", &(this->secrets.ei_key)); - status = this->crypter_initiator->set_key(this->crypter_initiator,this->secrets.ei_key); - if (status != SUCCESS) - { - this->logger->log(this->logger, ERROR | MORE, "Could not set encryption key initiator crypter"); - return status; - } + this->crypter_initiator->set_key(this->crypter_initiator,this->secrets.ei_key); - status = prf_plus->allocate_bytes(prf_plus,this->crypter_responder->get_block_size(this->crypter_responder),&(this->secrets.er_key)); - if (status != SUCCESS) - { - this->logger->log(this->logger, ERROR | MORE, "Could not allocate bytes from prf+ for Sk_er"); - return status; - } + prf_plus->allocate_bytes(prf_plus,this->crypter_responder->get_block_size(this->crypter_responder),&(this->secrets.er_key)); this->logger->log_chunk(this->logger, PRIVATE, "Sk_er secret", &(this->secrets.er_key)); - status = this->crypter_responder->set_key(this->crypter_responder,this->secrets.er_key); - if (status != SUCCESS) - { - this->logger->log(this->logger, ERROR | MORE, "Could not set encryption key responder crypter"); - return status; - } + this->crypter_responder->set_key(this->crypter_responder,this->secrets.er_key); - status = prf_plus->allocate_bytes(prf_plus,this->signer_initiator->get_block_size(this->signer_initiator),&(this->secrets.ai_key)); - if (status != SUCCESS) - { - this->logger->log(this->logger, ERROR | MORE, "Could not allocate bytes from prf+ for Sk_ai"); - return status; - } + prf_plus->allocate_bytes(prf_plus,this->signer_initiator->get_block_size(this->signer_initiator),&(this->secrets.ai_key)); this->logger->log_chunk(this->logger, PRIVATE, "Sk_ai secret", &(this->secrets.ai_key)); - status = this->signer_initiator->set_key(this->signer_initiator,this->secrets.ai_key); - if (status != SUCCESS) - { - this->logger->log(this->logger, ERROR | MORE, "Could not set key for initiator signer"); - return status; - } + this->signer_initiator->set_key(this->signer_initiator,this->secrets.ai_key); - status = prf_plus->allocate_bytes(prf_plus,this->signer_responder->get_block_size(this->signer_responder),&(this->secrets.ar_key)); - if (status != SUCCESS) - { - this->logger->log(this->logger, ERROR | MORE, "Could not allocate bytes from prf+ for Sk_ar"); - return status; - } + prf_plus->allocate_bytes(prf_plus,this->signer_responder->get_block_size(this->signer_responder),&(this->secrets.ar_key)); this->logger->log_chunk(this->logger, PRIVATE, "Sk_ar secret", &(this->secrets.ar_key)); - status = this->signer_responder->set_key(this->signer_responder,this->secrets.ar_key); - if (status != SUCCESS) - { - this->logger->log(this->logger, ERROR | MORE, "Could not set key for responder signer"); - return status; - } + this->signer_responder->set_key(this->signer_responder,this->secrets.ar_key); - status = prf_plus->allocate_bytes(prf_plus,this->crypter_responder->get_block_size(this->crypter_responder),&(this->secrets.pi_key)); - if (status != SUCCESS) - { - this->logger->log(this->logger, ERROR | MORE, "Could not allocate bytes from prf+ for Sk_pi"); - return status; - } + prf_plus->allocate_bytes(prf_plus,this->crypter_responder->get_block_size(this->crypter_responder),&(this->secrets.pi_key)); this->logger->log_chunk(this->logger, PRIVATE, "Sk_pi secret", &(this->secrets.pi_key)); - status = prf_plus->allocate_bytes(prf_plus,this->crypter_responder->get_block_size(this->crypter_responder),&(this->secrets.pr_key)); - if (status != SUCCESS) - { - this->logger->log(this->logger, ERROR | MORE, "Could not allocate bytes from prf+ for Sk_pr"); - return status; - } + prf_plus->allocate_bytes(prf_plus,this->crypter_responder->get_block_size(this->crypter_responder),&(this->secrets.pr_key)); this->logger->log_chunk(this->logger, PRIVATE, "Sk_pr secret", &(this->secrets.pr_key)); prf_plus->destroy(prf_plus); - - return SUCCESS; } /** - * @brief implements function resend_last_reply of protected_ike_sa_t + * Implements protected_ike_sa_t.resend_last_reply. */ -status_t resend_last_reply (private_ike_sa_t *this) +static status_t resend_last_reply(private_ike_sa_t *this) { packet_t *packet; status_t status; @@ -530,37 +416,22 @@ status_t resend_last_reply (private_ike_sa_t *this) return status; } - status = global_send_queue->add(global_send_queue, packet); - if (status != SUCCESS) - { - this->logger->log(this->logger, ERROR, "Could not add packet to send queue"); - packet->destroy(packet); - return status; - } + global_send_queue->add(global_send_queue, packet); return SUCCESS; } -status_t create_delete_job (private_ike_sa_t *this) +/** + * Implements protected_ike_sa_t.resend_last_reply. + */ +static status_t create_delete_job(private_ike_sa_t *this) { job_t *delete_job; - status_t status; this->logger->log(this->logger, CONTROL | MORE, "Going to create job to delete this IKE_SA"); delete_job = (job_t *) delete_ike_sa_job_create(this->ike_sa_id); - if (delete_job == NULL) - { - this->logger->log(this->logger, ERROR, "Job to delete IKE SA could not be created"); - return FAILED; - } - - status = global_job_queue->add(global_job_queue,delete_job); - if (status != SUCCESS) - { - this->logger->log(this->logger, ERROR, "%s Job to delete IKE SA could not be added to job queue",mapping_find(status_m,status)); - delete_job->destroy_all(delete_job); - return status; - } + global_job_queue->add(global_job_queue,delete_job); + return SUCCESS; } @@ -636,96 +507,87 @@ static status_t create_transforms_from_proposal (private_ike_sa_t *this,proposal u_int16_t pseudo_random_function; u_int16_t pseudo_random_function_key_length; - this ->logger->log(this->logger, CONTROL|MORE, "Going to create transform objects for proposal"); + this->logger->log(this->logger, CONTROL|MORE, "Going to create transform objects for proposal"); - this ->logger->log(this->logger, CONTROL|MOST, "Get encryption transform type"); + this->logger->log(this->logger, CONTROL|MOST, "Get encryption transform type"); status = proposal->get_info_for_transform_type(proposal,ENCRYPTION_ALGORITHM,&(encryption_algorithm),&(encryption_algorithm_key_length)); if (status != SUCCESS) { - this ->logger->log(this->logger, ERROR|MORE, "Could not get encryption transform type"); + this->logger->log(this->logger, ERROR|MORE, "Could not get encryption transform type"); return status; } - this ->logger->log(this->logger, CONTROL|MORE, "Encryption algorithm: %s with keylength %d",mapping_find(encryption_algorithm_m,encryption_algorithm),encryption_algorithm_key_length); + this->logger->log(this->logger, CONTROL|MORE, "Encryption algorithm: %s with keylength %d",mapping_find(encryption_algorithm_m,encryption_algorithm),encryption_algorithm_key_length); - this ->logger->log(this->logger, CONTROL|MOST, "Get integrity transform type"); + this->logger->log(this->logger, CONTROL|MOST, "Get integrity transform type"); status = proposal->get_info_for_transform_type(proposal,INTEGRITY_ALGORITHM,&(integrity_algorithm),&(integrity_algorithm_key_length)); if (status != SUCCESS) { - this ->logger->log(this->logger, ERROR|MORE, "Could not get integrity transform type"); + this->logger->log(this->logger, ERROR|MORE, "Could not get integrity transform type"); return status; } - this ->logger->log(this->logger, CONTROL|MORE, "integrity algorithm: %s with keylength %d",mapping_find(integrity_algorithm_m,integrity_algorithm),integrity_algorithm_key_length); + this->logger->log(this->logger, CONTROL|MORE, "integrity algorithm: %s with keylength %d",mapping_find(integrity_algorithm_m,integrity_algorithm),integrity_algorithm_key_length); - this ->logger->log(this->logger, CONTROL|MOST, "Get prf transform type"); + this->logger->log(this->logger, CONTROL|MOST, "Get prf transform type"); status = proposal->get_info_for_transform_type(proposal,PSEUDO_RANDOM_FUNCTION,&(pseudo_random_function),&(pseudo_random_function_key_length)); if (status != SUCCESS) { - this ->logger->log(this->logger, ERROR|MORE, "Could not prf transform type"); + this->logger->log(this->logger, ERROR|MORE, "Could not prf transform type"); return status; } - this ->logger->log(this->logger, CONTROL|MORE, "prf: %s with keylength %d",mapping_find(pseudo_random_function_m,pseudo_random_function),pseudo_random_function_key_length); - - + this->logger->log(this->logger, CONTROL|MORE, "prf: %s with keylength %d",mapping_find(pseudo_random_function_m,pseudo_random_function),pseudo_random_function_key_length); - if (this->prf != NULL) { - this ->logger->log(this->logger, CONTROL|MOST, "Destroy existing prf_t object"); this->prf->destroy(this->prf); } this->prf = prf_create(pseudo_random_function); if (this->prf == NULL) { - this ->logger->log(this->logger, ERROR|MORE, "prf does not seem to be supported!"); + this->logger->log(this->logger, ERROR|MORE, "prf not supported!"); return FAILED; } if (this->crypter_initiator != NULL) { - this ->logger->log(this->logger, CONTROL|MOST, "Destroy existing initiator crypter_t object"); this->crypter_initiator->destroy(this->crypter_initiator); } this->crypter_initiator = crypter_create(encryption_algorithm,encryption_algorithm_key_length); if (this->crypter_initiator == NULL) { - this ->logger->log(this->logger, ERROR|MORE, "encryption algorithm does not seem to be supported!"); + this->logger->log(this->logger, ERROR|MORE, "encryption algorithm not supported!"); return FAILED; } if (this->crypter_responder != NULL) { - this ->logger->log(this->logger, CONTROL|MOST, "Destroy existing responder crypter_t object"); this->crypter_responder->destroy(this->crypter_responder); } this->crypter_responder = crypter_create(encryption_algorithm,encryption_algorithm_key_length); if (this->crypter_responder == NULL) { - this ->logger->log(this->logger, ERROR|MORE, "encryption algorithm does not seem to be supported!"); + this->logger->log(this->logger, ERROR|MORE, "encryption algorithm not supported!"); return FAILED; } if (this->signer_initiator != NULL) { - this ->logger->log(this->logger, CONTROL|MOST, "Destroy existing initiator signer_t object"); this->signer_initiator->destroy(this->signer_initiator); } this->signer_initiator = signer_create(integrity_algorithm); if (this->signer_initiator == NULL) { - this ->logger->log(this->logger, ERROR|MORE, "integrity algorithm does not seem to be supported!"); + this->logger->log(this->logger, ERROR|MORE, "integrity algorithm not supported!"); return FAILED; } - if (this->signer_responder != NULL) { - this ->logger->log(this->logger, CONTROL|MOST, "Destroy existing responder signer_t object"); this->signer_responder->destroy(this->signer_responder); } this->signer_responder = signer_create(integrity_algorithm); if (this->signer_responder == NULL) { - this ->logger->log(this->logger, ERROR|MORE, "integrity algorithm does not seem to be supported!"); + this->logger->log(this->logger, ERROR|MORE, "integrity algorithm not supported!"); return FAILED; } @@ -745,50 +607,47 @@ static randomizer_t *get_randomizer (private_ike_sa_t *this) */ static status_t set_last_requested_message (private_ike_sa_t *this,message_t * message) { - if ( this->last_requested_message != NULL) + if (this->last_requested_message != NULL) { /* destroy message */ - this ->logger->log(this->logger, CONTROL|MOST, "Destroy stored last requested message"); this->last_requested_message->destroy(this->last_requested_message); } if (message->get_message_id(message) != this->message_id_out) { - this ->logger->log(this->logger, CONTROL|MOST, "last requested message could not be set cause id was not as expected"); + this->logger->log(this->logger, CONTROL|MOST, "last requested message could not be set cause id was not as expected"); return FAILED; } - this ->logger->log(this->logger, CONTROL|MOST, "replace last requested message with new one"); - this->last_requested_message = message; + this->logger->log(this->logger, CONTROL|MOST, "replace last requested message with new one"); + this->last_requested_message = message; /* message counter can now be increased */ - this ->logger->log(this->logger, CONTROL|MOST, "Increate message counter for outgoing messages"); + this->logger->log(this->logger, CONTROL|MOST, "Increate message counter for outgoing messages"); this->message_id_out++; return SUCCESS; } - /** * Implementation of protected_ike_sa_t.set_last_responded_message. */ static status_t set_last_responded_message (private_ike_sa_t *this,message_t * message) { - if ( this->last_responded_message != NULL) + if (this->last_responded_message != NULL) { /* destroy message */ - this ->logger->log(this->logger, CONTROL|MOST, "Destroy stored last responded message"); this->last_responded_message->destroy(this->last_responded_message); } if (message->get_message_id(message) != this->message_id_in) { - this ->logger->log(this->logger, CONTROL|MOST, "last responded message could not be set cause id was not as expected"); + this->logger->log(this->logger, CONTROL|MOST, "last responded message could not be set cause id was not as expected"); return FAILED; } - this ->logger->log(this->logger, CONTROL|MOST, "replace last responded message with new one"); - this->last_responded_message = message; + this->logger->log(this->logger, CONTROL|MOST, "replace last responded message with new one"); + this->last_responded_message = message; /* message counter can now be increased */ - this ->logger->log(this->logger, CONTROL|MOST, "Increate message counter for incoming messages"); + this->logger->log(this->logger, CONTROL|MOST, "Increate message counter for incoming messages"); this->message_id_in++; return SUCCESS; @@ -796,11 +655,10 @@ static status_t set_last_responded_message (private_ike_sa_t *this,message_t * m /** - * @brief implements function destroy of protected_ike_sa_t + * Implements protected_ike_sa_t.destroy. */ -static status_t destroy (private_ike_sa_t *this) +static void destroy (private_ike_sa_t *this) { - this->logger->log(this->logger, CONTROL | MORE, "Going to destroy IKE_SA"); /* destroy child sa's */ @@ -808,7 +666,7 @@ static status_t destroy (private_ike_sa_t *this) while (this->child_sas->get_count(this->child_sas) > 0) { void *child_sa; - if (this->child_sas->remove_first(this->child_sas,&child_sa) != SUCCESS) + if (this->child_sas->remove_first(this->child_sas, &child_sa) != SUCCESS) { break; } @@ -817,95 +675,64 @@ static status_t destroy (private_ike_sa_t *this) this->child_sas->destroy(this->child_sas); this->logger->log(this->logger, CONTROL | MOST, "Destroy secrets"); - if (this->secrets.d_key.ptr != NULL) - { - allocator_free(this->secrets.d_key.ptr); - } - if (this->secrets.ai_key.ptr != NULL) - { - allocator_free(this->secrets.ai_key.ptr); - } - if (this->secrets.ar_key.ptr != NULL) - { - allocator_free(this->secrets.ar_key.ptr); - } - if (this->secrets.ei_key.ptr != NULL) - { - allocator_free(this->secrets.ei_key.ptr); - } - if (this->secrets.er_key.ptr != NULL) - { - allocator_free(this->secrets.er_key.ptr); - } - if (this->secrets.pi_key.ptr != NULL) - { - allocator_free(this->secrets.pi_key.ptr); - } - if (this->secrets.pr_key.ptr != NULL) - { - allocator_free(this->secrets.pr_key.ptr); - } - if ( this->crypter_initiator != NULL) + allocator_free(this->secrets.d_key.ptr); + allocator_free(this->secrets.ai_key.ptr); + allocator_free(this->secrets.ar_key.ptr); + allocator_free(this->secrets.ei_key.ptr); + allocator_free(this->secrets.er_key.ptr); + allocator_free(this->secrets.pi_key.ptr); + allocator_free(this->secrets.pr_key.ptr); + + if (this->crypter_initiator != NULL) { - this->logger->log(this->logger, CONTROL | MOST, "Destroy initiator crypter"); this->crypter_initiator->destroy(this->crypter_initiator); } - if ( this->crypter_responder != NULL) + if (this->crypter_responder != NULL) { - this->logger->log(this->logger, CONTROL | MOST, "Destroy responder crypter"); this->crypter_responder->destroy(this->crypter_responder); } - if ( this->signer_initiator != NULL) + if (this->signer_initiator != NULL) { - this->logger->log(this->logger, CONTROL | MOST, "Destroy initiator signer"); this->signer_initiator->destroy(this->signer_initiator); } if (this->signer_responder != NULL) { - this->logger->log(this->logger, CONTROL | MOST, "Destroy responder signer"); this->signer_responder->destroy(this->signer_responder); } if (this->prf != NULL) { - this->logger->log(this->logger, CONTROL | MOST, "Destroy prf"); this->prf->destroy(this->prf); } /* destroy ike_sa_id */ - this->logger->log(this->logger, CONTROL | MOST, "Destroy assigned ike_sa_id"); this->ike_sa_id->destroy(this->ike_sa_id); /* destroy stored requested message */ if (this->last_requested_message != NULL) { - this->logger->log(this->logger, CONTROL | MOST, "Destroy last requested message"); this->last_requested_message->destroy(this->last_requested_message); } /* destroy stored responded messages */ if (this->last_responded_message != NULL) { - this->logger->log(this->logger, CONTROL | MOST, "Destroy last responded message"); this->last_responded_message->destroy(this->last_responded_message); } - this->logger->log(this->logger, CONTROL | MOST, "Destroy randomizer"); this->randomizer->destroy(this->randomizer); if (this->me.host != NULL) { - this->logger->log(this->logger, CONTROL | MOST, "Destroy host informations of me"); this->me.host->destroy(this->me.host); } if (this->other.host != NULL) { - this->logger->log(this->logger, CONTROL | MOST, "Destroy host informations of other"); this->other.host->destroy(this->other.host); } @@ -913,11 +740,9 @@ static status_t destroy (private_ike_sa_t *this) this->current_state->destroy(this->current_state); this->logger->log(this->logger, CONTROL | MOST, "Destroy logger of IKE_SA"); - global_logger_manager->destroy_logger(global_logger_manager, this->logger); allocator_free(this); - return SUCCESS; } /* @@ -926,20 +751,16 @@ static status_t destroy (private_ike_sa_t *this) ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) { private_ike_sa_t *this = allocator_alloc_thing(private_ike_sa_t); - if (this == NULL) - { - return NULL; - } /* Public functions */ this->protected.public.process_message = (status_t(*)(ike_sa_t*, message_t*)) process_message; this->protected.public.initialize_connection = (status_t(*)(ike_sa_t*, char*)) initialize_connection; this->protected.public.get_id = (ike_sa_id_t*(*)(ike_sa_t*)) get_id; - this->protected.public.destroy = (status_t(*)(ike_sa_t*))destroy; + this->protected.public.destroy = (void(*)(ike_sa_t*))destroy; /* protected functions */ - this->protected.build_message = (status_t (*) (protected_ike_sa_t *, exchange_type_t , bool , message_t **)) build_message; - this->protected.compute_secrets = (status_t (*) (protected_ike_sa_t *,chunk_t ,chunk_t , chunk_t )) compute_secrets; + this->protected.build_message = (void (*) (protected_ike_sa_t *, exchange_type_t , bool , message_t **)) build_message; + this->protected.compute_secrets = (void (*) (protected_ike_sa_t *,chunk_t ,chunk_t , chunk_t )) compute_secrets; this->protected.get_logger = (logger_t *(*) (protected_ike_sa_t *)) get_logger; this->protected.get_my_host = (host_t *(*) (protected_ike_sa_t *)) get_my_host; this->protected.get_other_host = (host_t *(*) (protected_ike_sa_t *)) get_other_host; @@ -958,36 +779,10 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) /* initialize private fields */ this->logger = global_logger_manager->create_logger(global_logger_manager, IKE_SA, NULL); - if (this->logger == NULL) - { - allocator_free(this); - } - if (ike_sa_id->clone(ike_sa_id,&(this->ike_sa_id)) != SUCCESS) - { - this->logger->log(this->logger, ERROR, "Fatal error: Could not clone ike_sa_id"); - global_logger_manager->destroy_logger(global_logger_manager,this->logger); - allocator_free(this); - return NULL; - } + this->ike_sa_id = ike_sa_id->clone(ike_sa_id); this->child_sas = linked_list_create(); - if (this->child_sas == NULL) - { - this->logger->log(this->logger, ERROR, "Fatal error: Could not create list for child_sa's"); - this->ike_sa_id->destroy(this->ike_sa_id); - global_logger_manager->destroy_logger(global_logger_manager,this->logger); - allocator_free(this); - return NULL; - } this->randomizer = randomizer_create(); - if (this->randomizer == NULL) - { - this->logger->log(this->logger, ERROR, "Fatal error: Could not create list for child_sa's"); - this->child_sas->destroy(this->child_sas); - this->ike_sa_id->destroy(this->ike_sa_id); - global_logger_manager->destroy_logger(global_logger_manager,this->logger); - allocator_free(this); - } this->me.host = NULL; this->other.host = NULL; @@ -995,29 +790,19 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) this->last_responded_message = NULL; this->message_id_out = 0; this->message_id_in = 0; - this->secrets.d_key.ptr = NULL; - this->secrets.d_key.len = 0; - this->secrets.ai_key.ptr = NULL; - this->secrets.ai_key.len = 0; - this->secrets.ar_key.ptr = NULL; - this->secrets.ar_key.len = 0; - this->secrets.ei_key.ptr = NULL; - this->secrets.ei_key.len = 0; - this->secrets.er_key.ptr = NULL; - this->secrets.er_key.len = 0; - this->secrets.pi_key.ptr = NULL; - this->secrets.pi_key.len = 0; - this->secrets.pr_key.ptr = NULL; - this->secrets.pr_key.len = 0; + this->secrets.d_key = CHUNK_INITIALIZER; + this->secrets.ai_key = CHUNK_INITIALIZER; + this->secrets.ar_key = CHUNK_INITIALIZER; + this->secrets.ei_key = CHUNK_INITIALIZER; + this->secrets.er_key = CHUNK_INITIALIZER; + this->secrets.pi_key = CHUNK_INITIALIZER; + this->secrets.pr_key = CHUNK_INITIALIZER; this->crypter_initiator = NULL; this->crypter_responder = NULL; this->signer_initiator = NULL; this->signer_responder = NULL; this->prf = NULL; - - - /* at creation time, IKE_SA is in a initiator state */ if (ike_sa_id->is_initiator(ike_sa_id)) { @@ -1027,17 +812,5 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) { this->current_state = (state_t *) responder_init_create(&(this->protected)); } - - if (this->current_state == NULL) - { - this->logger->log(this->logger, ERROR, "Fatal error: Could not create state object"); - this->child_sas->destroy(this->child_sas); - this->ike_sa_id->destroy(this->ike_sa_id); - global_logger_manager->destroy_logger(global_logger_manager,this->logger); - this->randomizer->destroy(this->randomizer); - allocator_free(this); - } - - return &(this->protected.public); } |