aboutsummaryrefslogtreecommitdiffstats
path: root/src/charon/sa/ike_sa.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/charon/sa/ike_sa.c')
-rw-r--r--src/charon/sa/ike_sa.c594
1 files changed, 389 insertions, 205 deletions
diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c
index eae7ad3d1..363e2264d 100644
--- a/src/charon/sa/ike_sa.c
+++ b/src/charon/sa/ike_sa.c
@@ -38,8 +38,10 @@
#include <encoding/payloads/delete_payload.h>
#include <encoding/payloads/transform_substructure.h>
#include <encoding/payloads/transform_attribute.h>
+#include <encoding/payloads/ts_payload.h>
#include <sa/states/initiator_init.h>
#include <sa/states/responder_init.h>
+#include <sa/states/create_child_sa_requested.h>
#include <queues/jobs/retransmit_request_job.h>
#include <queues/jobs/delete_established_ike_sa_job.h>
#include <queues/jobs/delete_half_open_ike_sa_job.h>
@@ -63,7 +65,7 @@ struct private_ike_sa_t {
* Identifier for the current IKE_SA.
*/
ike_sa_id_t *ike_sa_id;
-
+
/**
* Linked List containing the child sa's of the current IKE_SA.
*/
@@ -84,30 +86,12 @@ struct private_ike_sa_t {
state_t *current_state;
/**
- * INIT configuration, needed for the IKE_SA_INIT exchange.
- *
- * Gets set in states:
- * - INITATOR_INIT
- * - RESPONDER_INIT
- *
- * Available in states:
- * - IKE_SA_INIT_REQUESTED
- * - IKE_SA_INIT_RESPONDED
- * - IKE_AUTH_REQUESTED
- * -IKE_SA_ESTABLISHED
+ * Connection definition used for this IKE_SA
*/
connection_t *connection;
/**
- * SA configuration, needed for all other exchanges after IKE_SA_INIT exchange.
- *
- * Gets set in states:
- * - IKE_SA_INIT_REQUESTED
- * - IKE_SA_INIT_RESPONDED
- *
- * Available in states:
- * - IKE_AUTH_REQUESTED
- * -IKE_SA_ESTABLISHED
+ * Policy definition used for this IKE_SA
*/
policy_t *policy;
@@ -190,77 +174,6 @@ struct private_ike_sa_t {
};
/**
- * Implementation of ike_sa_t.process_message.
- */
-static status_t process_message(private_ike_sa_t *this, message_t *message)
-{
- u_int32_t message_id;
- exchange_type_t exchange_type;
- bool is_request;
- /* We must process each request or response from remote host */
-
- /* Find out type of message (request or response) */
- is_request = message->get_request(message);
- exchange_type = message->get_exchange_type(message);
-
- this->logger->log(this->logger, CONTROL|LEVEL1, "Process %s of exchange type %s",
- (is_request) ? "request" : "response",mapping_find(exchange_type_m,exchange_type));
-
- message_id = message->get_message_id(message);
-
- /*
- * It has to be checked, if the message has to be resent cause of lost packets!
- */
- if (is_request && (message_id == (this->message_id_in - 1)))
- {
- /* resend last message, if any */
- if (this->last_responded_message)
- {
- packet_t *packet = this->last_responded_message->get_packet(this->last_responded_message);
- this->logger->log(this->logger, CONTROL|LEVEL1, "Resent request detected. Send stored reply.");
- charon->send_queue->add(charon->send_queue, packet);
- return SUCCESS;
- }
- else
- {
- /* somebody does something nasty here... */
- return FAILED;
- }
- }
-
- /* Now, the message id is checked for request AND reply */
- if (is_request)
- {
- /* In a request, the message has to be this->message_id_in (other case is already handled) */
- if (message_id != this->message_id_in)
- {
- this->logger->log(this->logger, ERROR | LEVEL1,
- "Message request with message id %d received, but %d expected",
- message_id,this->message_id_in);
- return FAILED;
- }
- }
- else
- {
- /* In a reply, the message has to be this->message_id_out -1 cause it is the reply to the last sent message*/
- if (message_id != (this->message_id_out - 1))
- {
- this->logger->log(this->logger, ERROR | LEVEL1,
- "Message reply with message id %d received, but %d expected",
- message_id,this->message_id_in);
- return FAILED;
- }
- }
-
- /* now the message is processed by the current state object.
- * The specific state object is responsible to check if a message can be received in
- * the state it represents.
- * The current state is also responsible to change the state object to the next state
- * by calling protected_ike_sa_t.set_new_state*/
- return this->current_state->process_message(this->current_state,message);
-}
-
-/**
* Implementation of protected_ike_sa_t.build_message.
*/
static void build_message(private_ike_sa_t *this, exchange_type_t type, bool request, message_t **message)
@@ -284,95 +197,6 @@ static void build_message(private_ike_sa_t *this, exchange_type_t type, bool req
}
/**
- * Implementation of protected_ike_sa_t.initiate_connection.
- */
-static status_t initiate_connection(private_ike_sa_t *this, connection_t *connection)
-{
- initiator_init_t *current_state;
-
- /* Work is done in state object of type INITIATOR_INIT. All other states are not
- * initial states and so don't have a initiate_connection function */
-
- if (this->current_state->get_state(this->current_state) != INITIATOR_INIT)
- {
- return FAILED;
- }
-
- current_state = (initiator_init_t *) this->current_state;
-
- return current_state->initiate_connection(current_state, connection);
-}
-
-/**
- * Implementation of ike_sa_t.get_id.
- */
-static ike_sa_id_t* get_id(private_ike_sa_t *this)
-{
- return this->ike_sa_id;
-}
-
-/**
- * Implementation of ike_sa_t.get_my_host.
- */
-static host_t* get_my_host(private_ike_sa_t *this)
-{
- return this->connection->get_my_host(this->connection);;
-}
-
-/**
- * Implementation of ike_sa_t.get_other_host.
- */
-static host_t* get_other_host(private_ike_sa_t *this)
-{
- return this->connection->get_other_host(this->connection);;
-}
-
-/**
- * Implementation of ike_sa_t.get_my_id.
- */
-static identification_t* get_my_id(private_ike_sa_t *this)
-{
- return this->policy->get_my_id(this->policy);;
-}
-
-/**
- * Implementation of ike_sa_t.get_other_id.
- */
-static identification_t* get_other_id(private_ike_sa_t *this)
-{
- return this->policy->get_other_id(this->policy);;
-}
-
-/**
- * Implementation of ike_sa_t.retransmit_request.
- */
-status_t retransmit_request (private_ike_sa_t *this, u_int32_t message_id)
-{
- packet_t *packet;
-
- if (this->last_requested_message == NULL)
- {
- return NOT_FOUND;
- }
-
- if (message_id == this->last_replied_message_id)
- {
- return NOT_FOUND;
- }
-
- if ((this->last_requested_message->get_message_id(this->last_requested_message)) != message_id)
- {
- return NOT_FOUND;
- }
-
- this->logger->log(this->logger, CONTROL | LEVEL1, "Going to retransmit message with id %d",message_id);
- packet = this->last_requested_message->get_packet(this->last_requested_message);
- charon->send_queue->add(charon->send_queue, packet);
-
- return SUCCESS;
-}
-
-/**
* Implementation of ike_sa_t.get_state.
*/
static ike_sa_state_t get_state(private_ike_sa_t *this)
@@ -454,6 +278,74 @@ static prf_t *get_prf_auth_r(private_ike_sa_t *this)
{
return this->prf_auth_r;
}
+/**
+ * Implementation of ike_sa_t.get_id.
+ */
+static ike_sa_id_t* get_id(private_ike_sa_t *this)
+{
+ return this->ike_sa_id;
+}
+
+/**
+ * Implementation of ike_sa_t.get_my_host.
+ */
+static host_t* get_my_host(private_ike_sa_t *this)
+{
+ return this->connection->get_my_host(this->connection);;
+}
+
+/**
+ * Implementation of ike_sa_t.get_other_host.
+ */
+static host_t* get_other_host(private_ike_sa_t *this)
+{
+ return this->connection->get_other_host(this->connection);;
+}
+
+/**
+ * Implementation of ike_sa_t.get_my_id.
+ */
+static identification_t* get_my_id(private_ike_sa_t *this)
+{
+ return this->policy->get_my_id(this->policy);;
+}
+
+/**
+ * Implementation of ike_sa_t.get_other_id.
+ */
+static identification_t* get_other_id(private_ike_sa_t *this)
+{
+ return this->policy->get_other_id(this->policy);;
+}
+
+/**
+ * Implementation of ike_sa_t.retransmit_request.
+ */
+status_t retransmit_request (private_ike_sa_t *this, u_int32_t message_id)
+{
+ packet_t *packet;
+
+ if (this->last_requested_message == NULL)
+ {
+ return NOT_FOUND;
+ }
+
+ if (message_id == this->last_replied_message_id)
+ {
+ return NOT_FOUND;
+ }
+
+ if ((this->last_requested_message->get_message_id(this->last_requested_message)) != message_id)
+ {
+ return NOT_FOUND;
+ }
+
+ this->logger->log(this->logger, CONTROL | LEVEL1, "Going to retransmit message with id %d",message_id);
+ packet = this->last_requested_message->get_packet(this->last_requested_message);
+ charon->send_queue->add(charon->send_queue, packet);
+
+ return SUCCESS;
+}
/**
@@ -468,13 +360,13 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d
size_t key_size;
/*
- * Build the PRF+ instance for deriving keys
- */
+ * Build the PRF+ instance for deriving keys
+ */
if (this->prf != NULL)
{
this->prf->destroy(this->prf);
}
- proposal->get_algorithm(proposal, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, &algo);
+ proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo);
if (algo == NULL)
{
this->logger->log(this->logger, ERROR|LEVEL2, "No PRF algoithm selected!?");
@@ -511,10 +403,10 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d
chunk_free(&secret);
/* prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr )
- * = SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr
- *
- * we use the prf directly for prf+
- */
+ * = SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr
+ *
+ * we use the prf directly for prf+
+ */
this->prf->set_key(this->prf, skeyseed);
prf_plus = prf_plus_create(this->prf, nonces_spis);
@@ -525,9 +417,9 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d
/*
- * We now can derive all of our key. We build the transforms
- * directly.
- */
+ * We now can derive all of our key. We build the transforms
+ * directly.
+ */
/* SK_d used for prf+ to derive keys for child SAs */
@@ -540,7 +432,7 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d
/* SK_ai/SK_ar used for integrity protection */
- proposal->get_algorithm(proposal, PROTO_IKE, INTEGRITY_ALGORITHM, &algo);
+ proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &algo);
if (algo == NULL)
{
this->logger->log(this->logger, ERROR|LEVEL2, "No integrity algoithm selected?!");
@@ -578,7 +470,7 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d
/* SK_ei/SK_er used for encryption */
- proposal->get_algorithm(proposal, PROTO_IKE, ENCRYPTION_ALGORITHM, &algo);
+ proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &algo);
if (algo == NULL)
{
this->logger->log(this->logger, ERROR|LEVEL2, "No encryption algoithm selected!?");
@@ -616,7 +508,7 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d
chunk_free(&key);
/* SK_pi/SK_pr used for authentication */
- proposal->get_algorithm(proposal, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, &algo);
+ proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo);
if (this->prf_auth_i != NULL)
{
this->prf_auth_i->destroy(this->prf_auth_i);
@@ -701,7 +593,7 @@ static status_t send_request(private_ike_sa_t *this, message_t *message)
if (message->get_message_id(message) != this->message_id_out)
{
this->logger->log(this->logger, ERROR, "Message could not be sent cause id (%d) was not as expected (%d)",
- message->get_message_id(message),this->message_id_out);
+ message->get_message_id(message),this->message_id_out);
return FAILED;
}
@@ -727,8 +619,8 @@ static status_t send_request(private_ike_sa_t *this, message_t *message)
}
this->logger->log(this->logger, CONTROL|LEVEL3,
- "Add request packet with message id %d to global send queue",
- this->message_id_out);
+ "Add request packet with message id %d to global send queue",
+ this->message_id_out);
charon->send_queue->add(charon->send_queue, packet);
/* replace last message for retransmit with current */
@@ -754,8 +646,8 @@ static status_t send_request(private_ike_sa_t *this, message_t *message)
/* message counter can now be increased */
this->logger->log(this->logger, CONTROL|LEVEL3,
- "Increase message counter for outgoing messages from %d",
- this->message_id_out);
+ "Increase message counter for outgoing messages from %d",
+ this->message_id_out);
this->message_id_out++;
return SUCCESS;
}
@@ -795,8 +687,8 @@ static status_t send_response(private_ike_sa_t *this, message_t *message)
}
this->logger->log(this->logger, CONTROL|LEVEL3,
- "Add response packet with message id %d to global send queue",
- this->message_id_in);
+ "Add response packet with message id %d to global send queue",
+ this->message_id_in);
charon->send_queue->add(charon->send_queue, packet);
if (this->last_responded_message != NULL)
@@ -827,7 +719,7 @@ static void send_notify(private_ike_sa_t *this, exchange_type_t exchange_type, n
this->logger->log(this->logger, CONTROL|LEVEL2, "Going to build message with notify payload");
/* set up the reply */
- this->protected.build_message(&(this->protected), exchange_type, FALSE, &response);
+ build_message(this, exchange_type, FALSE, &response);
payload = notify_payload_create_from_protocol_and_type(PROTO_IKE, type);
if ((data.ptr != NULL) && (data.len > 0))
{
@@ -887,6 +779,220 @@ static void add_child_sa(private_ike_sa_t *this, child_sa_t *child_sa)
}
/**
+ * Process an informational request
+ */
+static status_t process_informational(private_ike_sa_t *this, message_t *request)
+{
+ delete_payload_t *delete_request = NULL;
+ message_t *response;
+ iterator_t *payloads;
+ state_t *old_state;
+
+ build_message(this, INFORMATIONAL, FALSE, &response);
+
+ payloads = request->get_payload_iterator(request);
+ while (payloads->has_next(payloads))
+ {
+ payload_t *payload;
+ payloads->current(payloads, (void**)&payload);
+
+ switch (payload->get_type(payload))
+ {
+ case DELETE:
+ {
+ delete_request = (delete_payload_t *) payload;
+ break;
+ }
+ default:
+ {
+ this->logger->log(this->logger, ERROR|LEVEL1, "Ignoring Payload %s (%d)",
+ mapping_find(payload_type_m, payload->get_type(payload)),
+ payload->get_type(payload));
+ break;
+ }
+ }
+ }
+ /* iterator can be destroyed */
+ payloads->destroy(payloads);
+
+ if (delete_request)
+ {
+ if (delete_request->get_protocol_id(delete_request) == PROTO_IKE)
+ {
+ this->logger->log(this->logger, CONTROL, "DELETE request for IKE_SA received");
+ if (send_response(this, response) != SUCCESS)
+ {
+ /* something is seriously wrong, kill connection */
+ this->logger->log(this->logger, AUDIT, "Unable to send reply. Deleting IKE_SA");
+ response->destroy(response);
+ }
+ /* switch to delete_requested. This is not absolutly correct, but we
+ * allow the clean destruction of an SA only in this state. */
+ old_state = this->current_state;
+ set_new_state(this, (state_t*)delete_requested_create(this));
+ old_state->destroy(old_state);
+ return DESTROY_ME;
+ }
+ else
+ {
+ this->logger->log(this->logger, CONTROL, "DELETE request for CHILD_SA received. Ignored");
+ response->destroy(response);
+ return FAILED;
+ }
+ }
+ return SUCCESS;
+}
+
+
+/**
+ * Process an informational request
+ */
+static status_t process_create_child_sa(private_ike_sa_t *this, message_t *request)
+{
+
+}
+
+/**
+ * Implementation of ike_sa_t.process_message.
+ */
+static status_t process_message(private_ike_sa_t *this, message_t *message)
+{
+ u_int32_t message_id;
+ exchange_type_t exchange_type;
+ bool is_request;
+ status_t status;
+ crypter_t *crypter;
+ signer_t *signer;
+
+ /* Find out type of message (request or response) */
+ is_request = message->get_request(message);
+ exchange_type = message->get_exchange_type(message);
+
+ this->logger->log(this->logger, CONTROL|LEVEL1, "Process %s of exchange type %s",
+ (is_request) ? "request" : "response",
+ mapping_find(exchange_type_m, exchange_type));
+
+ message_id = message->get_message_id(message);
+
+ /* check if message already received, and retransmit its reply */
+ if (is_request && (message_id == (this->message_id_in - 1)))
+ {
+ /* resend last message, if any */
+ if (this->last_responded_message)
+ {
+ packet_t *packet = this->last_responded_message->get_packet(this->last_responded_message);
+ this->logger->log(this->logger, CONTROL|LEVEL1, "Resent request detected. Send stored reply.");
+ charon->send_queue->add(charon->send_queue, packet);
+ return SUCCESS;
+ }
+ else
+ {
+ /* somebody does something nasty here... */
+ return FAILED;
+ }
+ }
+
+ /* Now, the message id is checked for request AND reply */
+ if (is_request)
+ {
+ /* In a request, the message has to be this->message_id_in (other case is already handled) */
+ if (message_id != this->message_id_in)
+ {
+ this->logger->log(this->logger, ERROR | LEVEL1,
+ "Message request with message id %d received, but %d expected",
+ message_id,this->message_id_in);
+ return FAILED;
+ }
+ }
+ else
+ {
+ /* In a reply, the message has to be this->message_id_out -1 cause it is the reply to the last sent message*/
+ if (message_id != (this->message_id_out - 1))
+ {
+ this->logger->log(this->logger, ERROR | LEVEL1,
+ "Message reply with message id %d received, but %d expected",
+ message_id,this->message_id_in);
+ return FAILED;
+ }
+ }
+
+ if (this->current_state->get_state(this->current_state) == IKE_SA_ESTABLISHED)
+ {
+ if (is_request)
+ {
+ /* get signer for verification and crypter for decryption */
+ if (!this->ike_sa_id->is_initiator(this->ike_sa_id))
+ {
+ crypter = this->crypter_initiator;
+ signer = this->signer_initiator;
+ }
+ else
+ {
+ crypter = this->crypter_responder;
+ signer = this->signer_responder;
+ }
+
+ /* parse incoming message */
+ status = message->parse_body(message, crypter, signer);
+ if (status != SUCCESS)
+ {
+ this->logger->log(this->logger, AUDIT, "%s request decryption failed. Ignoring message",
+ mapping_find(exchange_type_m, message->get_exchange_type(message)));
+ return status;
+ }
+ switch (message->get_exchange_type(message))
+ {
+ case CREATE_CHILD_SA:
+ return process_create_child_sa(this, message);
+ case INFORMATIONAL:
+ return process_informational(this, message);
+ default:
+ this->logger->log(this->logger, CONTROL,
+ "Received a %s request, ignored",
+ mapping_find(exchange_type_m, exchange_type));
+ }
+ }
+ else
+ {
+ this->logger->log(this->logger, ERROR|LEVEL1,
+ "Received an unexpected %s response, ignored",
+ mapping_find(exchange_type_m, exchange_type));
+ }
+ return FAILED;
+ }
+ else
+ {
+ /* now the message is processed by the current state object.
+ * The specific state object is responsible to check if a message can be received in
+ * the state it represents.
+ * The current state is also responsible to change the state object to the next state
+ * by calling protected_ike_sa_t.set_new_state
+ */
+ return this->current_state->process_message(this->current_state, message);
+ }
+}
+
+/**
+ * Implementation of protected_ike_sa_t.initiate_connection.
+ */
+static status_t initiate_connection(private_ike_sa_t *this, connection_t *connection)
+{
+ initiator_init_t *current_state;
+
+ /* Work is done in state object of type INITIATOR_INIT. All other states are not
+ * initial states and so don't have a initiate_connection function */
+
+ if (this->current_state->get_state(this->current_state) != INITIATOR_INIT)
+ {
+ return FAILED;
+ }
+
+ current_state = (initiator_init_t *) this->current_state;
+
+ return current_state->initiate_connection(current_state, connection);
+}
+
+/**
* Implementation of ike_sa_t.get_child_sa.
*/
static child_sa_t *get_child_sa(private_ike_sa_t *this, u_int32_t reqid)
@@ -909,6 +1015,83 @@ static child_sa_t *get_child_sa(private_ike_sa_t *this, u_int32_t reqid)
}
/**
+ * Implementation of ike_sa_t.delete_child_sa.
+ */
+static status_t delete_child_sa(private_ike_sa_t *this, u_int32_t reqid)
+{
+ return NOT_FOUND;
+}
+
+/**
+ * Implementation of ike_sa_t.rekey_child_sa.
+ */
+static status_t rekey_child_sa(private_ike_sa_t *this, u_int32_t reqid)
+{
+ message_t *request;
+ child_sa_t *child_sa;
+ notify_payload_t *notify;
+ sa_payload_t *sa_payload;
+ ts_payload_t *tsi_payload, *tsr_payload;
+ nonce_payload_t *nonce_payload;
+ policy_t *policy;
+ randomizer_t *randomizer;
+ linked_list_t *proposals;
+ chunk_t nonce;
+ linked_list_t *my_ts, *other_ts;
+ state_t *old_state;
+
+ if (this->current_state->get_state(this->current_state) != IKE_SA_ESTABLISHED)
+ {
+ this->logger->log(this->logger, ERROR|LEVEL1,
+ "Rekeying of an IKE_SA not in state IKE_SA_ESTABLISHED, aborting", reqid);
+ return FAILED;
+ }
+
+ child_sa = get_child_sa(this, reqid);
+ if (child_sa == NULL)
+ {
+ this->logger->log(this->logger, ERROR|LEVEL1,
+ "IKE_SA does not contain a CHILD_SA with reqid %d", reqid);
+ return FAILED;
+ }
+
+ build_message(this, CREATE_CHILD_SA, TRUE, &request);
+ notify = notify_payload_create_from_protocol_and_type(
+ child_sa->get_protocol(child_sa), REKEY_SA);
+ notify->set_spi(notify, child_sa->get_spi(child_sa, TRUE));
+ request->add_payload(request, (payload_t*)notify);
+
+ proposals = this->policy->get_proposals(this->policy);
+ sa_payload = sa_payload_create_from_proposal_list(proposals);
+ request->add_payload(request, (payload_t*)sa_payload);
+
+ nonce_payload = nonce_payload_create();
+ if (this->randomizer->allocate_pseudo_random_bytes(this->randomizer,
+ NONCE_SIZE, &nonce))
+ {
+ request->destroy(request);
+ return FAILED;
+ }
+ nonce_payload->set_nonce(nonce_payload, nonce);
+ request->add_payload(request, (payload_t*)nonce_payload);
+
+ my_ts = this->policy->get_my_traffic_selectors(this->policy);
+ other_ts = this->policy->get_my_traffic_selectors(this->policy);
+ tsi_payload = ts_payload_create_from_traffic_selectors(TRUE, my_ts);
+ tsr_payload = ts_payload_create_from_traffic_selectors(FALSE, other_ts);
+ request->add_payload(request, (payload_t*)tsi_payload);
+ request->add_payload(request, (payload_t*)tsr_payload);
+
+ send_request(this, request);
+
+ old_state = this->current_state;
+ set_new_state(this, (state_t*)create_child_sa_requested_create(&this->protected, nonce));
+ old_state->destroy(old_state);
+
+ return SUCCESS;
+}
+
+/**
* Implementation of protected_ike_sa_t.reset_message_buffers.
*/
static void reset_message_buffers(private_ike_sa_t *this)
@@ -1125,7 +1308,6 @@ static void destroy(private_ike_sa_t *this)
this->ike_sa_id->destroy(this->ike_sa_id);
this->randomizer->destroy(this->randomizer);
this->current_state->destroy(this->current_state);
-
free(this);
}
@@ -1135,10 +1317,12 @@ static void destroy(private_ike_sa_t *this)
ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
{
private_ike_sa_t *this = malloc_thing(private_ike_sa_t);
-
+
/* Public functions */
this->protected.public.process_message = (status_t(*)(ike_sa_t*, message_t*)) process_message;
this->protected.public.initiate_connection = (status_t(*)(ike_sa_t*,connection_t*)) initiate_connection;
+ this->protected.public.delete_child_sa = (status_t(*)(ike_sa_t*,u_int32_t)) delete_child_sa;
+ this->protected.public.rekey_child_sa = (status_t(*)(ike_sa_t*,u_int32_t)) rekey_child_sa;
this->protected.public.get_child_sa = (child_sa_t*(*)(ike_sa_t*,u_int32_t))get_child_sa;
this->protected.public.get_id = (ike_sa_id_t*(*)(ike_sa_t*)) get_id;
this->protected.public.get_my_host = (host_t*(*)(ike_sa_t*)) get_my_host;
@@ -1153,7 +1337,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
this->protected.public.destroy = (void(*)(ike_sa_t*))destroy;
/* protected functions */
- this->protected.build_message = (void (*) (protected_ike_sa_t *, exchange_type_t , bool , message_t **)) build_message;
+ this->protected.build_message = (void (*) (protected_ike_sa_t *, exchange_type_t,bool,message_t**)) build_message;
this->protected.get_prf = (prf_t *(*) (protected_ike_sa_t *)) get_prf;
this->protected.get_child_prf = (prf_t *(*) (protected_ike_sa_t *)) get_child_prf;
this->protected.get_prf_auth_i = (prf_t *(*) (protected_ike_sa_t *)) get_prf_auth_i;