Diffstat (limited to 'Source')
-rw-r--r-- | Source/charon/config/configuration_manager.c | 8 | ||||
-rw-r--r-- | Source/charon/config/sa_config.c | 1 | ||||
-rw-r--r-- | Source/charon/daemon.c | 2 | ||||
-rw-r--r-- | Source/charon/daemon.h | 2 | ||||
-rw-r--r-- | Source/charon/sa/states/ike_sa_init_requested.c | 47 | ||||
-rw-r--r-- | Source/charon/threads/thread_pool.c | 16 | ||||
-rw-r--r-- | Source/charon/types.c | 1 | ||||
-rw-r--r-- | Source/charon/types.h | 3 |
8 files changed, 47 insertions, 33 deletions
diff --git a/Source/charon/config/configuration_manager.c b/Source/charon/config/configuration_manager.c
index 697b949e5..03e34bfd5 100644
--- a/Source/charon/config/configuration_manager.c
+++ b/Source/charon/config/configuration_manager.c
@@ -182,16 +182,16 @@ static void load_default_config (private_configuration_manager_t *this)
init_config3->add_proposal(init_config3,1,proposals[0]);
init_config3->add_proposal(init_config3,1,proposals[1]);
- sa_config1 = sa_config_create(ID_IPV4_ADDR, "152.96.193.130",
- ID_IPV4_ADDR, "152.96.193.131",
- RSA_DIGITAL_SIGNATURE);
+ sa_config1 = sa_config_create(ID_IPV4_ADDR, "152.96.193.131",
+ ID_IPV4_ADDR, "152.96.193.130",
+ SHARED_KEY_MESSAGE_INTEGRITY_CODE);
sa_config1->add_traffic_selector_initiator(sa_config1,ts);
sa_config1->add_traffic_selector_responder(sa_config1,ts);
sa_config2 = sa_config_create(ID_IPV4_ADDR, "152.96.193.130",
ID_IPV4_ADDR, "152.96.193.131",
- RSA_DIGITAL_SIGNATURE);
+ SHARED_KEY_MESSAGE_INTEGRITY_CODE);
sa_config2->add_traffic_selector_initiator(sa_config2,ts);
sa_config2->add_traffic_selector_responder(sa_config2,ts);
diff --git a/Source/charon/config/sa_config.c b/Source/charon/config/sa_config.c
index 3f253b54f..2d91f7bbe 100644
--- a/Source/charon/config/sa_config.c
+++ b/Source/charon/config/sa_config.c
@@ -404,6 +404,7 @@ sa_config_t *sa_config_create(id_type_t my_id_type, char *my_id, id_type_t other
this->proposals = linked_list_create();
this->ts_initiator = linked_list_create();
this->ts_responder = linked_list_create();
+ this->auth_method = auth_method;
return (&this->public);
}
diff --git a/Source/charon/daemon.c b/Source/charon/daemon.c
index 7fe3d5b28..175cfa372 100644
--- a/Source/charon/daemon.c
+++ b/Source/charon/daemon.c
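Review bot: sa_config1 and sa_config2 now describe the same pair of hosts with the two IDs in opposite order and otherwise identical settings, and nothing in load_default_config says which entry is meant for which role; a one-line comment on each, e.g. `/* sa_config1: this host is .131, peer is .130 */`, would stop a later edit from silently swapping them again. The hunk also moves both entries from RSA_DIGITAL_SIGNATURE to SHARED_KEY_MESSAGE_INTEGRITY_CODE, but the shared secret itself is not configured anywhere in the hunk, so where that key is expected to come from should be documented here if it is set elsewhere. load_default_config starts and ends outside the hunk.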
@@ -159,7 +159,7 @@ static void build_test_jobs(private_daemon_t *this)
for(i = 0; i<1; i++)
{
initiate_ike_sa_job_t *initiate_job;
- initiate_job = initiate_ike_sa_job_create("localhost");
+ initiate_job = initiate_ike_sa_job_create("pinflb30");
this->public.job_queue->add(this->public.job_queue, (job_t*)initiate_job);
}
}
diff --git a/Source/charon/daemon.h b/Source/charon/daemon.h
index 8da5eb5eb..651ed0370 100644
--- a/Source/charon/daemon.h
+++ b/Source/charon/daemon.h
@@ -54,7 +54,7 @@
* Port on which the daemon will
* listen for incoming traffic
*/
-#define IKEV2_UDP_PORT 4500
+#define IKEV2_UDP_PORT 500
/**
* Default loglevel to use. This is the
diff --git a/Source/charon/sa/states/ike_sa_init_requested.c b/Source/charon/sa/states/ike_sa_init_requested.c
index 946e46839..2dfcd8f11 100644
--- a/Source/charon/sa/states/ike_sa_init_requested.c
+++ b/Source/charon/sa/states/ike_sa_init_requested.c
@@ -155,6 +155,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
{
ike_auth_requested_t *next_state;
exchange_type_t exchange_type;
+ init_config_t *init_config;
u_int64_t responder_spi;
ike_sa_id_t *ike_sa_id;
iterator_t *payloads;
@@ -190,10 +191,13 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
return status;
}
+ /* get configuration */
+ init_config = this->ike_sa->get_init_config(this->ike_sa);
+
if (responder_spi == 0)
{
- this->logger->log(this->logger, ERROR | MORE, "Responder SPI still zero.");
+ this->logger->log(this->logger, ERROR | MORE, "Responder SPI still zero");
return FAILED;
}
/* because I am original initiator i have to update the responder SPI to the new one */
@@ -207,7 +211,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
*/
payloads = ike_sa_init_reply->get_payload_iterator(ike_sa_init_reply);
while (payloads->has_next(payloads))
- {
+ {
payload_t *payload;
payloads->current(payloads, (void**)&payload);
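Review bot: IKEV2_UDP_PORT changes to 500 but the comment above it still only says on which port the daemon listens, so the reason for the value is lost; a short note such as `/* 500 is the standard IKE port; 4500 is the NAT-traversal port, where each UDP payload is prefixed with a 4-byte non-ESP marker */` records why the two ports are not interchangeable. Whether charon's receive path strips that marker cannot be seen from this diff, so anyone switching back to 4500 should confirm it first.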
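Review bot: `init_config = this->ike_sa->get_init_config(this->ike_sa);` is stored without a check, and the SECURITY_ASSOCIATION branch later calls `init_config->select_proposal(...)` through it; if get_init_config can return NULL (not visible here), that dereference is reached while processing an incoming IKE_SA_INIT reply. Mirroring the adjacent SPI guard, `if (init_config == NULL) { this->logger->log(this->logger, ERROR | MORE, "No init_config available"); return FAILED; }` fails closed. process_message starts and ends outside the hunk.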
@@ -220,9 +224,9 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
ike_proposal_t *ike_proposals;
ike_proposal_t selected_proposal;
size_t proposal_count;
- init_config_t *init_config;
+
- /* get the list of suggested proposals */
+ /* get the list of selected proposals */
status = sa_payload->get_ike_proposals (sa_payload, &ike_proposals,&proposal_count);
if (status != SUCCESS)
{
@@ -230,24 +234,22 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
payloads->destroy(payloads);
return status;
}
-
+
/* the peer has to select only one proposal */
if (proposal_count != 1)
{
- this->logger->log(this->logger, ERROR | MORE, "More then one proposal selected!");
+ this->logger->log(this->logger, ERROR | MORE, "More then 1 proposal (%d) selected!",proposal_count);
allocator_free(ike_proposals);
payloads->destroy(payloads);
return status;
}
/* now let the configuration-manager check the selected proposals*/
- this->logger->log(this->logger, CONTROL | MOST, "Check suggested proposals");
- init_config = this->ike_sa->get_init_config(this->ike_sa);
-
+ this->logger->log(this->logger, CONTROL | MOST, "Check selected proposal");
status = init_config->select_proposal (init_config,ike_proposals,1,&selected_proposal);
allocator_free(ike_proposals);
if (status != SUCCESS)
{
- this->logger->log(this->logger, ERROR | MORE, "Selected proposal not a suggested one!");
+ this->logger->log(this->logger, ERROR | MORE, "Selected proposal not a suggested one! Peer is trying to trick me!");
payloads->destroy(payloads);
return status;
}
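Review bot: The new log line passes `proposal_count`, declared `size_t` in the @@ -220 hunk, to a `%d` conversion, which is a format/argument mismatch (undefined behavior wherever size_t is wider than int); use `%zu` if the logger forwards to the vsnprintf family, or cast the argument to int. In the same branch `return status;` is only reached after the `if (status != SUCCESS)` check above it, so a reply carrying more than one proposal is logged as an error but reported to the caller as SUCCESS; `return FAILED;` (or DELETE_ME, which this commit introduces for replies the SA cannot recover from) lets the caller act on it. process_message starts and ends outside the hunk.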
@@ -265,17 +267,16 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
case KEY_EXCHANGE:
{
ke_payload_t *ke_payload = (ke_payload_t*)payload;
-
- this->diffie_hellman->set_other_public_value(this->diffie_hellman, ke_payload->get_key_exchange_data(ke_payload));
-
+ this->diffie_hellman->set_other_public_value(this->diffie_hellman, ke_payload->get_key_exchange_data(ke_payload));
/* shared secret is computed AFTER processing of all payloads... */
break;
}
case NONCE:
{
- nonce_payload_t *nonce_payload = (nonce_payload_t*)payload;
+ nonce_payload_t *nonce_payload = (nonce_payload_t*)payload;
allocator_free(this->received_nonce.ptr);
+ this->received_nonce = CHUNK_INITIALIZER;
nonce_payload->get_nonce(nonce_payload, &(this->received_nonce));
@@ -283,7 +284,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
}
default:
{
- this->logger->log(this->logger, ERROR, "Payload type not supported!!!!");
+ this->logger->log(this->logger, ERROR, "Payload type %s not supported in state ike_sa_init_requested!", mapping_find(payload_type_m, payload->get_type(payload)));
payloads->destroy(payloads);
return FAILED;
}
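Review bot: The result of `this->diffie_hellman->set_other_public_value(...)` in the KEY_EXCHANGE case is discarded, and nothing visible in process_message records whether a KEY_EXCHANGE payload was present at all; the @@ -296 hunk then assigns `status = this->diffie_hellman->get_shared_secret(...)`, never tests it before overwriting it with the generate() result, and adds a comment saying the status "does not have to get checked cause other key is set". A reply that omits the KE payload, or carries a public value the DH object rejects, may therefore reach compute_secrets with shared_secret still at CHUNK_INITIALIZER. Testing the result right after get_shared_secret, `if (status != SUCCESS) { this->logger->log(this->logger, ERROR, "Could not compute shared secret"); return DELETE_ME; }`, and dropping that comment (which also misspells "objectt") closes the gap; the set_other_public_value result deserves the same treatment. process_message starts and ends outside the hunk.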
@@ -296,25 +297,28 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
allocator_free(this->shared_secret.ptr);
this->shared_secret = CHUNK_INITIALIZER;
- /* store shared secret */
+ /* store shared secret
+ * status of dh objectt does not have to get checked cause other key is set
+ */
this->logger->log(this->logger, CONTROL | MOST, "Retrieve shared secret and store it");
status = this->diffie_hellman->get_shared_secret(this->diffie_hellman, &(this->shared_secret));
this->logger->log_chunk(this->logger, PRIVATE, "Shared secret", &this->shared_secret);
-
+
+ this->logger->log(this->logger, CONTROL | MOST, "Going to derive all secrets from shared secret");
this->ike_sa->compute_secrets(this->ike_sa,this->shared_secret,this->sent_nonce, this->received_nonce);
/* build the complete IKE_AUTH request */
this->build_ike_auth_request (this,&request);
/* generate packet */
- this->logger->log(this->logger, CONTROL|MOST, "generate packet from message");
+ this->logger->log(this->logger, CONTROL|MOST, "Generate packet from message");
status = request->generate(request, this->ike_sa->get_crypter_initiator(this->ike_sa), this->ike_sa->get_signer_initiator(this->ike_sa), &packet);
if (status != SUCCESS)
{
- this->logger->log(this->logger, ERROR, "could not generate packet from message");
+ this->logger->log(this->logger, ERROR, "Could not generate packet from message");
request->destroy(request);
- return status;
+ return DELETE_ME;
}
this->logger->log(this->logger, CONTROL|MOST, "Add packet to global send queue");
@@ -332,7 +336,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
this->logger->log(this->logger, ERROR, "Could not set last requested message");
(next_state->state_interface).destroy(&(next_state->state_interface));
request->destroy(request);
- return status;
+ return DELETE_ME;
}
/* state can now be changed */
@@ -343,7 +347,6 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
this->logger->log(this->logger, CONTROL|MOST, "Destroy old sate object");
this->destroy_after_state_change(this);
- return SUCCESS;
}
diff --git a/Source/charon/threads/thread_pool.c b/Source/charon/threads/thread_pool.c
index 0157e2af3..661d0fdb7 100644
--- a/Source/charon/threads/thread_pool.c
+++ b/Source/charon/threads/thread_pool.c
@@ -214,11 +214,19 @@ static void process_incoming_packet_job(private_thread_pool_t *this, incoming_pa
ike_sa_id->get_responder_spi(ike_sa_id),
ike_sa_id->is_initiator(ike_sa_id) ? "initiator" : "responder");
ike_sa_id->destroy(ike_sa_id);
-
- status = charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+
+ if (status == DELETE_ME)
+ {
+ status = charon->ike_sa_manager->checkin_and_delete(charon->ike_sa_manager, ike_sa);
+ }
+ else
+ {
+ status = charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+ }
+
if (status != SUCCESS)
{
- this->worker_logger->log(this->worker_logger, ERROR, "checkin of IKE SA failed");
+ this->worker_logger->log(this->worker_logger, ERROR, "checkin of IKE SA failed!");
}
message->destroy(message);
}
@@ -247,7 +255,7 @@ static void process_initiate_ike_sa_job(private_thread_pool_t *this, initiate_ik
status = ike_sa->initialize_connection(ike_sa, job->get_configuration_name(job));
if (status != SUCCESS)
{
- this->worker_logger->log(this->worker_logger, ERROR, "%s by initialize_conection, job and rejected, IKE_SA deleted.",
+ this->worker_logger->log(this->worker_logger, ERROR, "%s by initialize_conection, going to delete IKE_SA.",
mapping_find(status_m, status));
charon->ike_sa_manager->checkin_and_delete(charon->ike_sa_manager, ike_sa);
return;
diff --git a/Source/charon/types.c b/Source/charon/types.c
index 7072d846d..9af849893 100644
--- a/Source/charon/types.c
+++ b/Source/charon/types.c
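Review bot: The removed `return SUCCESS;` appears to be the last statement before process_message's closing brace, and no other return is visible on the hunk's new side; unless one sits in the unshown lines between this hunk and the @@ -332 hunk, a status_t function now falls off its end, which is undefined behavior, and the thread_pool hunk in this same commit compares that value with DELETE_ME to decide whether the IKE_SA is deleted. Keep `return SUCCESS;` after `this->destroy_after_state_change(this);`; building with -Wreturn-type would flag this path.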
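Review bot: The status being compared against DELETE_ME (presumably the result of the IKE_SA's message processing, set above the hunk) is overwritten by the checkin call before anything in this function logs it, so a FAILED or DELETE_ME outcome leaves no trace here unless the state object logged one itself. Logging it first, `if (status != SUCCESS) { this->worker_logger->log(this->worker_logger, ERROR, "%s processing message, checking IKE_SA in", mapping_find(status_m, status)); }`, keeps the failure visible at the point where the SA's lifetime is decided; whether every state already logs its own failure cannot be confirmed from this diff. process_incoming_packet_job starts outside the hunk.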
@@ -35,6 +35,7 @@ mapping_t status_m[] = {
{PARSE_ERROR, "PARSE_ERROR"},
{VERIFY_ERROR, "VERIFY_ERROR"},
{INVALID_STATE, "INVALID_STATE"},
+ {DELETE_ME, "DELETE_ME"},
{MAPPING_END, NULL}
};
diff --git a/Source/charon/types.h b/Source/charon/types.h
index 5e7b6bba3..521741f72 100644
--- a/Source/charon/types.h
+++ b/Source/charon/types.h
@@ -45,7 +45,8 @@ enum status_t {
NOT_FOUND,
PARSE_ERROR,
VERIFY_ERROR,
- INVALID_STATE
+ INVALID_STATE,
+ DELETE_ME,
};
extern mapping_t status_m[];
|
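Review bot: DELETE_ME is added to status_t without a comment, so its contract is only recoverable from the thread_pool hunk, where it selects checkin_and_delete over checkin; document it at the declaration, e.g. `/** processing failed in a way the IKE_SA cannot recover from; the caller must check it in with checkin_and_delete */`. The trailing comma after DELETE_ME is valid C99 but is new to this enum, so either keep that style consistently or drop it.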