Diffstat (limited to 'Source/charon/sa')
-rw-r--r-- | Source/charon/sa/ike_sa.c | 37 | ||||
-rw-r--r-- | Source/charon/sa/ike_sa.h | 17 | ||||
-rw-r--r-- | Source/charon/sa/states/ike_sa_init_requested.c | 83 |
3 files changed, 129 insertions, 8 deletions
diff --git a/Source/charon/sa/ike_sa.c b/Source/charon/sa/ike_sa.c
index 7d6fcef20..60e608678 100644
--- a/Source/charon/sa/ike_sa.c
+++ b/Source/charon/sa/ike_sa.c
@@ -374,6 +374,15 @@ static void compute_secrets(private_ike_sa_t *this,chunk_t dh_shared_secret,chun
 prf_plus->allocate_bytes(prf_plus,this->prf->get_block_size(this->prf),&(this->secrets.d_key));
 this->logger->log_chunk(this->logger, PRIVATE, "Sk_d secret", &(this->secrets.d_key));
+ prf_plus->allocate_bytes(prf_plus,this->signer_initiator->get_key_size(this->signer_initiator),&(this->secrets.ai_key));
+ this->logger->log_chunk(this->logger, PRIVATE, "Sk_ai secret", &(this->secrets.ai_key));
+ this->signer_initiator->set_key(this->signer_initiator,this->secrets.ai_key);
+
+ prf_plus->allocate_bytes(prf_plus,this->signer_responder->get_key_size(this->signer_responder),&(this->secrets.ar_key));
+ this->logger->log_chunk(this->logger, PRIVATE, "Sk_ar secret", &(this->secrets.ar_key));
+ this->signer_responder->set_key(this->signer_responder,this->secrets.ar_key);
+
+ prf_plus->allocate_bytes(prf_plus,this->crypter_initiator->get_block_size(this->crypter_initiator),&(this->secrets.ei_key));
 this->logger->log_chunk(this->logger, PRIVATE, "Sk_ei secret", &(this->secrets.ei_key));
 this->crypter_initiator->set_key(this->crypter_initiator,this->secrets.ei_key);
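Review bot: The re-added Sk_ei line still derives the encryption key length from `this->crypter_initiator->get_block_size(...)`, whereas the moved signer lines in this same hunk were corrected to `get_key_size()`; a cipher's block size is not its key size (a 16-byte-block cipher may need a 24- or 32-byte key), so Sk_ei could be allocated at the wrong length before being handed to set_key(). If crypter_t exposes a key-size accessor, the allocation should read `prf_plus->allocate_bytes(prf_plus,this->crypter_initiator->get_key_size(this->crypter_initiator),&(this->secrets.ei_key));`, and the same applies to the Sk_er allocation and to the Sk_pi allocation in the following hunk, which sizes a PRF key from a crypter's block size. The return values of allocate_bytes() and set_key() are not checked anywhere in the hunk; if they report failure via status_t, a failed key setup would silently leave a transform unkeyed. Every derived key is also written to the log at PRIVATE level, which should be compiled out or gated so that production builds never emit keying material. compute_secrets() starts before this hunk and continues past it.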
@@ -382,14 +391,6 @@ static void compute_secrets(private_ike_sa_t *this,chunk_t dh_shared_secret,chun
 this->logger->log_chunk(this->logger, PRIVATE, "Sk_er secret", &(this->secrets.er_key));
 this->crypter_responder->set_key(this->crypter_responder,this->secrets.er_key);
- prf_plus->allocate_bytes(prf_plus,this->signer_initiator->get_block_size(this->signer_initiator),&(this->secrets.ai_key));
- this->logger->log_chunk(this->logger, PRIVATE, "Sk_ai secret", &(this->secrets.ai_key));
- this->signer_initiator->set_key(this->signer_initiator,this->secrets.ai_key);
-
- prf_plus->allocate_bytes(prf_plus,this->signer_responder->get_block_size(this->signer_responder),&(this->secrets.ar_key));
- this->logger->log_chunk(this->logger, PRIVATE, "Sk_ar secret", &(this->secrets.ar_key));
- this->signer_responder->set_key(this->signer_responder,this->secrets.ar_key);
- prf_plus->allocate_bytes(prf_plus,this->crypter_responder->get_block_size(this->crypter_responder),&(this->secrets.pi_key));
 this->logger->log_chunk(this->logger, PRIVATE, "Sk_pi secret", &(this->secrets.pi_key));
@@ -601,6 +602,22 @@ static randomizer_t *get_randomizer (private_ike_sa_t *this)
 }
 /**
+ * Implementation of protected_ike_sa_t.get_crypter_initiator.
+ */
+static crypter_t *get_crypter_initiator (private_ike_sa_t *this)
+{
+ return this->crypter_initiator;
+}
+
+/**
+ * Implementation of protected_ike_sa_t.get_signer_initiator.
+ */
+static signer_t *get_signer_initiator (private_ike_sa_t *this)
+{
+ return this->signer_initiator;
+}
+
+/**
 * Implementation of protected_ike_sa_t.set_last_requested_message.
 */
 static status_t set_last_requested_message (private_ike_sa_t *this,message_t * message)
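Review bot: The new get_crypter_initiator()/get_signer_initiator() accessors hand out the IKE_SA's internal transform objects with no statement of ownership or readiness, so a caller could destroy them or use them before compute_secrets() has called set_key() on them (the keying happens in the first hunk of this file). The ike_sa.h hunk in this commit declares the same two accessors with the same gap; their `@return` lines should say something like `@return pointer to crypter_t object, owned by the IKE_SA; usable only after compute_secrets() has keyed it`, with matching wording on the signer accessor. The doc headers on the two static implementations could simply refer to that contract.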
@@ -769,12 +786,16 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
 this->protected.set_last_responded_message = (status_t (*) (protected_ike_sa_t *,message_t *)) set_last_responded_message;
 this->protected.create_transforms_from_proposal = (status_t (*) (protected_ike_sa_t *,proposal_substructure_t *)) create_transforms_from_proposal;
 this->protected.set_new_state = (void (*) (protected_ike_sa_t *,state_t *)) set_new_state;
+ this->protected.get_crypter_initiator = (crypter_t *(*) (protected_ike_sa_t *)) get_crypter_initiator;
+ this->protected.get_signer_initiator = (signer_t *(*) (protected_ike_sa_t *)) get_signer_initiator;
 /* private functions */
 this->resend_last_reply = resend_last_reply;
 this->create_delete_job = create_delete_job;
+ + /* initialize private fields */
 this->logger = charon->logger_manager->create_logger(charon->logger_manager, IKE_SA, NULL);
diff --git a/Source/charon/sa/ike_sa.h b/Source/charon/sa/ike_sa.h
index b4abfa48c..51d8be4e0 100644
--- a/Source/charon/sa/ike_sa.h
+++ b/Source/charon/sa/ike_sa.h
@@ -230,6 +230,23 @@ struct protected_ike_sa_t {
 * @param state pointer to the new state_t object
 */
 void (*set_new_state) (protected_ike_sa_t *this,state_t *state);
+
+ /**
+ * Gets the internal stored initiator crypter_t object.
+ *
+ * @param this calling object
+ * @return pointer to crypter_t object
+ */
+ crypter_t *(*get_crypter_initiator) (protected_ike_sa_t *this);
+
+ /**
+ * Gets the internal stored initiator signer object.
+ *
+ * @param this calling object
+ * @return pointer to signer_t object
+ */
+ signer_t *(*get_signer_initiator) (protected_ike_sa_t *this);
+
 };
diff --git a/Source/charon/sa/states/ike_sa_init_requested.c b/Source/charon/sa/states/ike_sa_init_requested.c
index c039e733a..0663f0a5e 100644
--- a/Source/charon/sa/states/ike_sa_init_requested.c
+++ b/Source/charon/sa/states/ike_sa_init_requested.c
@@ -27,6 +27,7 @@
 #include <encoding/payloads/sa_payload.h>
 #include <encoding/payloads/ke_payload.h>
 #include <encoding/payloads/nonce_payload.h>
+#include <encoding/payloads/id_payload.h>
 #include <transforms/diffie_hellman.h>
@@ -80,6 +81,24 @@ struct private_ike_sa_init_requested_t {
 * Is logger of ike_sa!
 */
 logger_t *logger;
+
+ /**
+ * Builds the IKE_SA_AUTH request message.
+ *
+ * @param this calling object
+ * @param message the created message will be stored at this location
+ */
+ void (*build_ike_auth_request) (private_ike_sa_init_requested_t *this, message_t **message);
+
+ /**
+ * Builds the id payload for this state.
+ *
+ * @param this calling object
+ * @param payload The generated payload object of type id_payload_t is
+ * stored at this location.
+ */
+ void (*build_id_payload) (private_ike_sa_init_requested_t *this, payload_t **payload);
+
 };
 /**
@@ -90,6 +109,8 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
 status_t status;
 iterator_t *payloads;
 exchange_type_t exchange_type;
+ message_t *request;
+ packet_t *packet;
 u_int64_t responder_spi;
 ike_sa_id_t *ike_sa_id;
@@ -227,6 +248,25 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
 this->ike_sa->compute_secrets(this->ike_sa,this->shared_secret,this->sent_nonce, this->received_nonce);
+ this->build_ike_auth_request (this,&request);
+
+ /* generate packet */
+ this->logger->log(this->logger, CONTROL|MOST, "generate packet from message");
+
+ status = request->generate(request, this->ike_sa->get_crypter_initiator(this->ike_sa), this->ike_sa->get_signer_initiator(this->ike_sa), &packet);
+ if (status != SUCCESS)
+ {
+ this->logger->log(this->logger, ERROR, "could not generate packet from message");
+ message->destroy(message);
+ return status;
+ }
+
+ this->logger->log(this->logger, CONTROL|MOST, "Add packet to global send queue");
+ charon->send_queue->add(charon->send_queue, packet);
+
+
+ request->destroy(request);
+
 /****************************
 *
 * TODO
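Review bot: The error path after `request->generate(...)` destroys `message` but not `request`, so the freshly built IKE_AUTH message leaks whenever packet generation fails; add `request->destroy(request);` before the `message->destroy(message);` in that branch. Whether destroying the incoming `message` there is itself correct depends on the caller's ownership convention, which is outside the hunk; the other return paths of process_message() should be checked for consistency. The outgoing request is also not recorded through the IKE_SA's set_last_requested_message() (visible in the ike_sa.c hunk), so a lost IKE_AUTH request cannot be retransmitted unless that is done elsewhere. process_message() starts and ends outside this hunk.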
@@ -252,6 +292,45 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
 }
 /**
+ * implements private_ike_sa_init_requested_t.build_ike_auth_request
+ */
+static void build_ike_auth_request (private_ike_sa_init_requested_t *this, message_t **request)
+{
+ payload_t *payload;
+ message_t *message;
+
+ /* going to build message */
+ this->logger->log(this->logger, CONTROL|MOST, "Going to build empty message");
+ this->ike_sa->build_message(this->ike_sa, IKE_AUTH, TRUE, &message);
+
+
+ /* build id payload */
+ this->build_id_payload(this, &payload);
+ this->logger->log(this->logger, CONTROL|MOST, "add id payload to message");
+ message->add_payload(message, payload);
+
+ *request = message;
+}
+
+static void build_id_payload (private_ike_sa_init_requested_t *this, payload_t **payload)
+{
+ id_payload_t *id_payload;
+ chunk_t email;
+
+ /* create IDi */
+ id_payload = id_payload_create(TRUE);
+ /* TODO special functions on id payload */
+ /* TODO configuration manager request */
+ id_payload->set_id_type(id_payload,ID_RFC822_ADDR);
+ email.ptr = "moerdi@hsr.ch";
+ email.len = strlen(email.ptr);
+ this->logger->log_chunk(this->logger, CONTROL, "Moerdi",&email);
+ id_payload->set_data(id_payload,email);
+
+ *payload = (payload_t *) id_payload;
+}
+
+/**
 * Implements state_t.get_state
 */
 static ike_sa_state_t get_state(private_ike_sa_init_requested_t *this)
@@ -287,6 +366,10 @@ ike_sa_init_requested_t *ike_sa_init_requested_create(protected_ike_sa_t *ike_sa
 this->public.state_interface.get_state = (ike_sa_state_t (*) (state_t *)) get_state;
 this->public.state_interface.destroy = (void (*) (state_t *)) destroy;
+ /* private functions */
+ this->build_ike_auth_request = build_ike_auth_request;
+ this->build_id_payload = build_id_payload;
+
 /* private data */
 this->ike_sa = ike_sa;
 this->received_nonce = CHUNK_INITIALIZER;
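Review bot: `build_id_payload()` points `email.ptr` at the string literal `"moerdi@hsr.ch"` and hands that chunk to `id_payload->set_data()`; if set_data() keeps the chunk instead of copying it, the payload will later free or write read-only memory, so the identity should be passed as an allocated copy (or set_data() documented as copying). The hard-coded identity and the `"Moerdi"` log label are placeholders already marked TODO; until the configuration lookup exists, a neutral label such as `"IDi data"` keeps the log readable. `build_id_payload()` also lacks the `/** implements private_ike_sa_init_requested_t.build_id_payload */` header its sibling `build_ike_auth_request()` carries, and neither function checks the result of `build_message()` or `add_payload()` if those can fail. `strlen()` needs `<string.h>`, which is not among the includes visible in this commit.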