aboutsummaryrefslogtreecommitdiffstats
path: root/src/charon/sa/tasks/ike_init.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/charon/sa/tasks/ike_init.c')
-rw-r--r--src/charon/sa/tasks/ike_init.c94
1 files changed, 47 insertions, 47 deletions
diff --git a/src/charon/sa/tasks/ike_init.c b/src/charon/sa/tasks/ike_init.c
index a64ec3d53..7968c265d 100644
--- a/src/charon/sa/tasks/ike_init.c
+++ b/src/charon/sa/tasks/ike_init.c
@@ -35,67 +35,67 @@ typedef struct private_ike_init_t private_ike_init_t;
* Private members of a ike_init_t task.
*/
struct private_ike_init_t {
-
+
/**
* Public methods and task_t interface.
*/
ike_init_t public;
-
+
/**
* Assigned IKE_SA.
*/
ike_sa_t *ike_sa;
-
+
/**
* Are we the initiator?
*/
bool initiator;
-
+
/**
* IKE config to establish
*/
ike_cfg_t *config;
-
+
/**
* diffie hellman group to use
*/
diffie_hellman_group_t dh_group;
-
+
/**
* diffie hellman key exchange
*/
diffie_hellman_t *dh;
-
+
/**
* Keymat derivation (from IKE_SA)
*/
keymat_t *keymat;
-
+
/**
* nonce chosen by us
*/
chunk_t my_nonce;
-
+
/**
* nonce chosen by peer
*/
chunk_t other_nonce;
-
+
/**
* Negotiated proposal used for IKE_SA
*/
proposal_t *proposal;
-
+
/**
* Old IKE_SA which gets rekeyed
*/
ike_sa_t *old_sa;
-
+
/**
* cookie received from responder
*/
chunk_t cookie;
-
+
/**
* retries done so far after failure (cookie or bad dh group)
*/
@@ -114,9 +114,9 @@ static void build_payloads(private_ike_init_t *this, message_t *message)
ike_sa_id_t *id;
proposal_t *proposal;
iterator_t *iterator;
-
+
id = this->ike_sa->get_id(this->ike_sa);
-
+
this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
if (this->initiator)
@@ -132,7 +132,7 @@ static void build_payloads(private_ike_init_t *this, message_t *message)
}
iterator->destroy(iterator);
}
-
+
sa_payload = sa_payload_create_from_proposal_list(proposal_list);
proposal_list->destroy_offset(proposal_list, offsetof(proposal_t, destroy));
}
@@ -146,11 +146,11 @@ static void build_payloads(private_ike_init_t *this, message_t *message)
sa_payload = sa_payload_create_from_proposal(this->proposal);
}
message->add_payload(message, (payload_t*)sa_payload);
-
+
nonce_payload = nonce_payload_create();
nonce_payload->set_nonce(nonce_payload, this->my_nonce);
ke_payload = ke_payload_create_from_diffie_hellman(this->dh);
-
+
if (this->old_sa)
{ /* payload order differs if we are rekeying */
message->add_payload(message, (payload_t*)nonce_payload);
@@ -170,7 +170,7 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
{
enumerator_t *enumerator;
payload_t *payload;
-
+
enumerator = message->create_payload_enumerator(message);
while (enumerator->enumerate(enumerator, &payload))
{
@@ -180,7 +180,7 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
{
sa_payload_t *sa_payload = (sa_payload_t*)payload;
linked_list_t *proposal_list;
-
+
proposal_list = sa_payload->get_proposals(sa_payload);
this->proposal = this->config->select_proposal(this->config,
proposal_list);
@@ -191,7 +191,7 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
case KEY_EXCHANGE:
{
ke_payload_t *ke_payload = (ke_payload_t*)payload;
-
+
this->dh_group = ke_payload->get_dh_group_number(ke_payload);
if (!this->initiator)
{
@@ -232,20 +232,20 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
static status_t build_i(private_ike_init_t *this, message_t *message)
{
rng_t *rng;
-
+
this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
DBG0(DBG_IKE, "initiating IKE_SA %s[%d] to %H",
this->ike_sa->get_name(this->ike_sa),
this->ike_sa->get_unique_id(this->ike_sa),
this->ike_sa->get_other_host(this->ike_sa));
this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
-
+
if (this->retry++ >= MAX_RETRIES)
{
DBG1(DBG_IKE, "giving up after %d retries", MAX_RETRIES);
return FAILED;
}
-
+
/* if the DH group is set via use_dh_group(), we already have a DH object */
if (!this->dh)
{
@@ -258,7 +258,7 @@ static status_t build_i(private_ike_init_t *this, message_t *message)
return FAILED;
}
}
-
+
/* generate nonce only when we are trying the first time */
if (this->my_nonce.ptr == NULL)
{
@@ -271,12 +271,12 @@ static status_t build_i(private_ike_init_t *this, message_t *message)
rng->allocate_bytes(rng, NONCE_SIZE, &this->my_nonce);
rng->destroy(rng);
}
-
+
if (this->cookie.ptr)
{
message->add_notify(message, FALSE, COOKIE, this->cookie);
}
-
+
build_payloads(this, message);
#ifdef ME
@@ -288,7 +288,7 @@ static status_t build_i(private_ike_init_t *this, message_t *message)
}
}
#endif /* ME */
-
+
return NEED_MORE;
}
@@ -298,7 +298,7 @@ static status_t build_i(private_ike_init_t *this, message_t *message)
static status_t process_r(private_ike_init_t *this, message_t *message)
{
rng_t *rng;
-
+
this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
DBG0(DBG_IKE, "%H is initiating an IKE_SA", message->get_source(message));
this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
@@ -311,7 +311,7 @@ static status_t process_r(private_ike_init_t *this, message_t *message)
}
rng->allocate_bytes(rng, NONCE_SIZE, &this->my_nonce);
rng->destroy(rng);
-
+
#ifdef ME
{
notify_payload_t *notify = message->get_notify(message, ME_CONNECTID);
@@ -324,9 +324,9 @@ static status_t process_r(private_ike_init_t *this, message_t *message)
}
}
#endif /* ME */
-
+
process_payloads(this, message);
-
+
return NEED_MORE;
}
@@ -340,7 +340,7 @@ static bool derive_keys(private_ike_init_t *this,
pseudo_random_function_t prf_alg = PRF_UNDEFINED;
chunk_t skd = chunk_empty;
ike_sa_id_t *id;
-
+
id = this->ike_sa->get_id(this->ike_sa);
if (this->old_sa)
{
@@ -380,12 +380,12 @@ static status_t build_r(private_ike_init_t *this, message_t *message)
return FAILED;
}
this->ike_sa->set_proposal(this->ike_sa, this->proposal);
-
+
if (this->dh == NULL ||
!this->proposal->has_dh_group(this->proposal, this->dh_group))
{
u_int16_t group;
-
+
if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP,
&group, NULL))
{
@@ -403,7 +403,7 @@ static status_t build_r(private_ike_init_t *this, message_t *message)
}
return FAILED;
}
-
+
if (!derive_keys(this, this->other_nonce, this->my_nonce))
{
DBG1(DBG_IKE, "key derivation failed");
@@ -421,7 +421,7 @@ static status_t process_i(private_ike_init_t *this, message_t *message)
{
enumerator_t *enumerator;
payload_t *payload;
-
+
/* check for erronous notifies */
enumerator = message->create_payload_enumerator(message);
while (enumerator->enumerate(enumerator, &payload))
@@ -430,26 +430,26 @@ static status_t process_i(private_ike_init_t *this, message_t *message)
{
notify_payload_t *notify = (notify_payload_t*)payload;
notify_type_t type = notify->get_notify_type(notify);
-
+
switch (type)
{
case INVALID_KE_PAYLOAD:
{
chunk_t data;
diffie_hellman_group_t bad_group;
-
+
bad_group = this->dh_group;
data = notify->get_notification_data(notify);
this->dh_group = ntohs(*((u_int16_t*)data.ptr));
DBG1(DBG_IKE, "peer didn't accept DH group %N, "
"it requested %N", diffie_hellman_group_names,
bad_group, diffie_hellman_group_names, this->dh_group);
-
+
if (this->old_sa == NULL)
{ /* reset the IKE_SA if we are not rekeying */
this->ike_sa->reset(this->ike_sa);
}
-
+
enumerator->destroy(enumerator);
return NEED_MORE;
}
@@ -486,7 +486,7 @@ static status_t process_i(private_ike_init_t *this, message_t *message)
}
}
enumerator->destroy(enumerator);
-
+
process_payloads(this, message);
/* check if we have everything */
@@ -497,14 +497,14 @@ static status_t process_i(private_ike_init_t *this, message_t *message)
return FAILED;
}
this->ike_sa->set_proposal(this->ike_sa, this->proposal);
-
+
if (this->dh == NULL ||
!this->proposal->has_dh_group(this->proposal, this->dh_group))
{
DBG1(DBG_IKE, "peer DH group selection invalid");
return FAILED;
}
-
+
if (!derive_keys(this, this->my_nonce, this->other_nonce))
{
DBG1(DBG_IKE, "key derivation failed");
@@ -544,7 +544,7 @@ static void migrate(private_ike_init_t *this, ike_sa_t *ike_sa)
{
DESTROY_IF(this->proposal);
chunk_free(&this->other_nonce);
-
+
this->ike_sa = ike_sa;
this->proposal = NULL;
DESTROY_IF(this->dh);
@@ -585,7 +585,7 @@ ike_init_t *ike_init_create(ike_sa_t *ike_sa, bool initiator, ike_sa_t *old_sa)
this->public.task.build = (status_t(*)(task_t*,message_t*))build_r;
this->public.task.process = (status_t(*)(task_t*,message_t*))process_r;
}
-
+
this->ike_sa = ike_sa;
this->initiator = initiator;
this->dh_group = MODP_NONE;
@@ -598,6 +598,6 @@ ike_init_t *ike_init_create(ike_sa_t *ike_sa, bool initiator, ike_sa_t *old_sa)
this->config = NULL;
this->old_sa = old_sa;
this->retry = 0;
-
+
return &this->public;
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-18 14:58:06 +0000