Diffstat (limited to 'Source/charon/sa/states/initiator_init.c')
-rw-r--r--Source/charon/sa/states/initiator_init.c69
1 files changed, 21 insertions, 48 deletions
diff --git a/Source/charon/sa/states/initiator_init.c b/Source/charon/sa/states/initiator_init.c
index 6ab698f89..f27dcb559 100644
--- a/Source/charon/sa/states/initiator_init.c
+++ b/Source/charon/sa/states/initiator_init.c
@@ -58,17 +58,6 @@ struct private_initiator_init_t {
diffie_hellman_t *diffie_hellman;
/**
- * DH group number.
- */
- u_int16_t dh_group_number;
-
- /**
- * DH group priority used to get dh_group_number from configuration manager.
- * This priority is passed to the next state of type IKE_SA_INIT_REQUESTED.
- */
- u_int16_t dh_group_priority;
-
- /**
* Sent nonce.
* This nonce is passed to the next state of type IKE_SA_INIT_REQUESTED.
*/
@@ -124,49 +113,41 @@ static status_t initiate_connection (private_initiator_init_t *this, char *name)
init_config_t *init_config;
sa_config_t *sa_config;
status_t status;
-
+ diffie_hellman_group_t dh_group;
this->logger->log(this->logger, CONTROL, "Initializing connection %s",name);
+ /* get configs */
status = charon->configuration_manager->get_init_config_for_name(charon->configuration_manager,name,&init_config);
if (status != SUCCESS)
{
this->logger->log(this->logger, ERROR | LEVEL1, "Could not retrieve INIT configuration informations for %s",name);
return DELETE_ME;
}
-
this->ike_sa->set_init_config(this->ike_sa,init_config);
-
status = charon->configuration_manager->get_sa_config_for_name(charon->configuration_manager,name,&sa_config);
-
if (status != SUCCESS)
- {
+ {
this->logger->log(this->logger, ERROR | LEVEL1, "Could not retrieve SA configuration informations for %s",name);
return DELETE_ME;
}
-
this->ike_sa->set_sa_config(this->ike_sa,sa_config);
/* host informations are read from configuration */
this->ike_sa->set_other_host(this->ike_sa,init_config->get_other_host_clone(init_config));
this->ike_sa->set_my_host(this->ike_sa,init_config->get_my_host_clone(init_config));
- this->dh_group_number = init_config->get_dh_group_number(init_config,this->dh_group_priority);
- if (this->dh_group_number == MODP_UNDEFINED)
- {
- this->logger->log(this->logger, AUDIT, "Could not find a matching diffie hellman group after %d. try. Aborting.",
- this->dh_group_priority);
- return DELETE_ME;
- }
+ /* we must guess now a DH group. For that we choose our most preferred group */
+ dh_group = init_config->get_dh_group(init_config);
/* next step is done in retry_initiate_connection */
- return this->public.retry_initiate_connection(&(this->public),this->dh_group_priority);
+ return this->public.retry_initiate_connection(&(this->public), dh_group);
}
/**
* Implementation of initiator_init_t.retry_initiate_connection.
*/
-status_t retry_initiate_connection (private_initiator_init_t *this, int dh_group_priority)
+status_t retry_initiate_connection (private_initiator_init_t *this, diffie_hellman_group_t dh_group)
{
ike_sa_init_requested_t *next_state;
chunk_t ike_sa_init_request_data;
@@ -174,24 +155,18 @@ status_t retry_initiate_connection (private_initiator_init_t *this, int dh_group
ike_sa_id_t *ike_sa_id;
message_t *message;
status_t status;
-
- this->dh_group_priority = dh_group_priority;
-
- init_config = this->ike_sa->get_init_config(this->ike_sa);
-
- ike_sa_id = this->ike_sa->public.get_id(&(this->ike_sa->public));
- ike_sa_id->set_responder_spi(ike_sa_id,0);
-
- this->dh_group_number = init_config->get_dh_group_number(init_config,dh_group_priority);
- if (this->dh_group_number == MODP_UNDEFINED)
+ if (dh_group == MODP_UNDEFINED)
{
- this->logger->log(this->logger, AUDIT, "Could not find a matching diffie hellman group after %d. try. Aborting.",
- this->dh_group_priority);
+ this->logger->log(this->logger, AUDIT, "No DH group acceptable for initialization, Aborting");
+ message->destroy(message);
return DELETE_ME;
}
- this->diffie_hellman = diffie_hellman_create(this->dh_group_number);
+ init_config = this->ike_sa->get_init_config(this->ike_sa);
+ this->diffie_hellman = diffie_hellman_create(dh_group);
+ ike_sa_id = this->ike_sa->public.get_id(&(this->ike_sa->public));
+ ike_sa_id->set_responder_spi(ike_sa_id,0);
/* going to build message */
this->logger->log(this->logger, CONTROL|LEVEL2, "Going to build message");
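Review bot: `message->destroy(message);` in the new MODP_UNDEFINED branch runs on an uninitialized pointer — `message` is only declared (`message_t *message;`) a few lines above and is not created until after the `/* going to build message */` comment, so this early exit dereferences garbage instead of returning cleanly. The branch should be just `this->logger->log(this->logger, AUDIT, "No DH group acceptable for initialization, Aborting");` followed by `return DELETE_ME;`, with the destroy call removed. The result of `diffie_hellman_create(dh_group)` is still stored without a NULL check, as before the change; if that constructor can fail for an unsupported group, the same early-return path should cover it. retry_initiate_connection begins in the previous hunk and its body continues past this one.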
@@ -222,7 +197,7 @@ status_t retry_initiate_connection (private_initiator_init_t *this, int dh_group
/* state can now be changed */
this->logger->log(this->logger, CONTROL|LEVEL2, "Create next state object");
- next_state = ike_sa_init_requested_create(this->ike_sa, this->dh_group_priority, this->diffie_hellman, this->sent_nonce,ike_sa_init_request_data);
+ next_state = ike_sa_init_requested_create(this->ike_sa, this->diffie_hellman, this->sent_nonce,ike_sa_init_request_data);
this->ike_sa->set_new_state(this->ike_sa,(state_t *) next_state);
this->logger->log(this->logger, CONTROL|LEVEL2, "Destroy old sate object");
@@ -236,19 +211,16 @@ status_t retry_initiate_connection (private_initiator_init_t *this, int dh_group
static void build_sa_payload(private_initiator_init_t *this, message_t *request)
{
sa_payload_t* sa_payload;
- size_t proposal_count;
- ike_proposal_t *proposals;
+ linked_list_t *proposal_list;
init_config_t *init_config;
this->logger->log(this->logger, CONTROL|LEVEL1, "Building SA payload");
init_config = this->ike_sa->get_init_config(this->ike_sa);
- proposal_count = init_config->get_proposals(init_config,&proposals);
+ proposal_list = init_config->get_proposals(init_config);
- sa_payload = sa_payload_create_from_ike_proposals(proposals,proposal_count);
-
- allocator_free(proposals);
+ sa_payload = sa_payload_create_from_proposal_list(proposal_list);
this->logger->log(this->logger, CONTROL|LEVEL2, "Add SA payload to message");
request->add_payload(request, (payload_t *) sa_payload);
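Review bot: The list returned by `init_config->get_proposals(init_config)` is neither destroyed nor documented as borrowed, whereas the replaced code freed its proposal array with `allocator_free(proposals)` once the payload was built; if get_proposals hands back a freshly allocated list, every SA-payload build now leaks it. I cannot see get_proposals from this hunk, so which case applies is inferred. Either release the list after `sa_payload_create_from_proposal_list(proposal_list)` in whatever way the list type provides, or state the ownership at the call with a comment such as `/* proposal_list is owned by init_config; do not destroy it here */`. build_sa_payload's closing lines are outside the hunk.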
@@ -261,13 +233,15 @@ static void build_ke_payload(private_initiator_init_t *this, message_t *request)
{
ke_payload_t *ke_payload;
chunk_t key_data;
+ diffie_hellman_group_t dh_group;
this->logger->log(this->logger, CONTROL|LEVEL1, "Building KE payload");
this->diffie_hellman->get_my_public_value(this->diffie_hellman,&key_data);
+ dh_group = this->diffie_hellman->get_dh_group(this->diffie_hellman);
ke_payload = ke_payload_create();
- ke_payload->set_dh_group_number(ke_payload, this->dh_group_number);
+ ke_payload->set_dh_group_number(ke_payload, dh_group);
ke_payload->set_key_exchange_data(ke_payload, key_data);
allocator_free_chunk(&key_data);
@@ -372,7 +346,6 @@ initiator_init_t *initiator_init_create(protected_ike_sa_t *ike_sa)
/* private data */
this->ike_sa = ike_sa;
- this->dh_group_priority = 1;
this->logger = this->ike_sa->get_logger(this->ike_sa);
this->sent_nonce = CHUNK_INITIALIZER;
this->diffie_hellman = NULL;