/** * @file ike_sa.c * * @brief Implementation of ike_sa_t. * */ /* * Copyright (C) 2005 Jan Hutter, Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ #include "ike_sa.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include typedef struct private_ike_sa_t private_ike_sa_t; /** * Private data of an ike_sa_t object. */ struct private_ike_sa_t { /** * Protected part of a ike_sa_t object. */ protected_ike_sa_t protected; /** * Creates a job to delete the given IKE_SA. * * @param this calling object */ status_t (*create_delete_job) (private_ike_sa_t *this); /** * Resends the last sent reply. * * @param this calling object */ status_t (*resend_last_reply) (private_ike_sa_t *this); /* private values */ /** * Identifier for the current IKE_SA */ ike_sa_id_t *ike_sa_id; /** * Linked List containing the child sa's of the current IKE_SA */ linked_list_t *child_sas; /** * TODO */ init_config_t *init_config; /** * TODO */ sa_config_t *sa_config; /** * Current state of the IKE_SA */ state_t *current_state; /** * this SA's source for random data */ randomizer_t *randomizer; /** * contains the last responded message * */ message_t *last_responded_message; /** * contains the last requested message * */ message_t *last_requested_message; /** * Informations of this host */ struct { host_t *host; } me; /** * Informations of the other host */ struct { host_t *host; } other; /** * Crypter object for initiator */ crypter_t *crypter_initiator; /** * Crypter object for responder */ crypter_t *crypter_responder; /** * Signer object for initiator */ signer_t *signer_initiator; /** * Signer object for responder */ signer_t *signer_responder; /** * prf function */ prf_t *prf; /** * Shared secrets */ struct { /** * Key used for deriving other keys */ chunk_t d_key; /** * Key for authenticate (initiator) */ chunk_t ai_key; /** * Key for authenticate (responder) */ chunk_t ar_key; /** * Key for encryption (initiator) */ chunk_t ei_key; /** * Key for encryption (responder) */ chunk_t er_key; /** * Key for generating auth payload (initiator) */ chunk_t pi_key; /** * Key for generating auth payload (responder) */ chunk_t pr_key; } secrets; /** * next message id to receive. */ u_int32_t message_id_in; /** * next message id to send. */ u_int32_t message_id_out; /** * Last message id which was successfully replied. */ u_int32_t last_replied_message_id; /** * a logger for this IKE_SA */ logger_t *logger; }; /** * Implements protected_ike_sa_t.process_message. */ static status_t process_message (private_ike_sa_t *this, message_t *message) { u_int32_t message_id; exchange_type_t exchange_type; bool is_request; /* we must process each request or response from remote host */ /* find out type of message (request or response) */ is_request = message->get_request(message); exchange_type = message->get_exchange_type(message); this->logger->log(this->logger, CONTROL, "Process %s message of exchange type %s",(is_request) ? "REQUEST" : "RESPONSE",mapping_find(exchange_type_m,exchange_type)); message_id = message->get_message_id(message); /* * It has to be checked, if the message has to be resent cause of lost packets! */ if (is_request && (message_id == (this->message_id_in - 1))) { /* message can be resent ! */ this->logger->log(this->logger, CONTROL|MORE, "Resent message detected. Send stored reply"); return (this->resend_last_reply(this)); } /* Now, the message id is checked for request AND reply */ if (is_request) { /* In a request, the message has to be this->message_id_in (other case is already handled) */ if (message_id != this->message_id_in) { this->logger->log(this->logger, ERROR | MORE, "Message request with message id %d received, but %d expected",message_id,this->message_id_in); return FAILED; } } else { /* In a reply, the message has to be this->message_id_out -1 cause it is the reply to the last sent message*/ if (message_id != (this->message_id_out - 1)) { this->logger->log(this->logger, ERROR | MORE, "Message reply with message id %d received, but %d expected",message_id,this->message_id_in); return FAILED; } } /* now the message is processed by the current state object */ /* the current state does change the current change to the next one*/ return this->current_state->process_message(this->current_state,message); } /** * Implements protected_ike_sa_t.build_message. */ static void build_message(private_ike_sa_t *this, exchange_type_t type, bool request, message_t **message) { message_t *new_message; host_t *source, *destination; this->logger->log(this->logger, CONTROL|MORE, "build empty message"); new_message = message_create(); source = this->me.host->clone(this->me.host); destination = this->other.host->clone(this->other.host); new_message->set_source(new_message, source); new_message->set_destination(new_message, destination); new_message->set_exchange_type(new_message, type); new_message->set_request(new_message, request); new_message->set_message_id(new_message, (request) ? this->message_id_out : this->message_id_in); new_message->set_ike_sa_id(new_message, this->ike_sa_id); *message = new_message; } /** * Implements protected_ike_sa_t.process_configuration. */ static status_t initialize_connection(private_ike_sa_t *this, char *name) { /* work is done in state object of type INITIATOR_INIT */ initiator_init_t *current_state; status_t status; if (this->current_state->get_state(this->current_state) != INITIATOR_INIT) { return FAILED; } current_state = (initiator_init_t *) this->current_state; status = current_state->initiate_connection(current_state,name); return status; } /** * Implements protected_ike_sa_t.get_id. */ static ike_sa_id_t* get_id(private_ike_sa_t *this) { return this->ike_sa_id; } /** * Implements protected_ike_sa_t.compute_secrets. */ static void compute_secrets(private_ike_sa_t *this,chunk_t dh_shared_secret,chunk_t initiator_nonce, chunk_t responder_nonce) { chunk_t concatenated_nonces; chunk_t skeyseed; chunk_t prf_plus_seed; u_int64_t initiator_spi; u_int64_t responder_spi; prf_plus_t *prf_plus; /* * TODO check length for specific prf's */ concatenated_nonces.len = (initiator_nonce.len + responder_nonce.len); concatenated_nonces.ptr = allocator_alloc(concatenated_nonces.len); /* first is initiator */ memcpy(concatenated_nonces.ptr,initiator_nonce.ptr,initiator_nonce.len); /* second is responder */ memcpy(concatenated_nonces.ptr + initiator_nonce.len,responder_nonce.ptr,responder_nonce.len); this->logger->log_chunk(this->logger, RAW, "Nonce data", &concatenated_nonces); /* status of set_key is not checked */ this->prf->set_key(this->prf,concatenated_nonces); this->prf->allocate_bytes(this->prf,dh_shared_secret,&skeyseed); allocator_free_chunk(&concatenated_nonces); prf_plus_seed.len = (initiator_nonce.len + responder_nonce.len + 16); prf_plus_seed.ptr = allocator_alloc(prf_plus_seed.len); /* first is initiator */ memcpy(prf_plus_seed.ptr,initiator_nonce.ptr,initiator_nonce.len); /* second is responder */ memcpy(prf_plus_seed.ptr + initiator_nonce.len,responder_nonce.ptr,responder_nonce.len); /* third is initiator spi */ initiator_spi = this->ike_sa_id->get_initiator_spi(this->ike_sa_id); memcpy(prf_plus_seed.ptr + initiator_nonce.len + responder_nonce.len,&initiator_spi,8); /* fourth is responder spi */ responder_spi = this->ike_sa_id->get_responder_spi(this->ike_sa_id); memcpy(prf_plus_seed.ptr + initiator_nonce.len + responder_nonce.len + 8,&responder_spi,8); this->logger->log_chunk(this->logger, PRIVATE | MORE, "Keyseed", &skeyseed); this->logger->log_chunk(this->logger, PRIVATE | MORE, "PRF+ Seed", &prf_plus_seed); this->logger->log(this->logger, CONTROL | MOST, "Set new key of prf object"); this->prf->set_key(this->prf,skeyseed); allocator_free_chunk(&skeyseed); this->logger->log(this->logger, CONTROL | MOST, "Create new prf+ object"); prf_plus = prf_plus_create(this->prf, prf_plus_seed); allocator_free_chunk(&prf_plus_seed); prf_plus->allocate_bytes(prf_plus,this->prf->get_block_size(this->prf),&(this->secrets.d_key)); this->logger->log_chunk(this->logger, PRIVATE, "Sk_d secret", &(this->secrets.d_key)); prf_plus->allocate_bytes(prf_plus,this->signer_initiator->get_key_size(this->signer_initiator),&(this->secrets.ai_key)); this->logger->log_chunk(this->logger, PRIVATE, "Sk_ai secret", &(this->secrets.ai_key)); this->signer_initiator->set_key(this->signer_initiator,this->secrets.ai_key); prf_plus->allocate_bytes(prf_plus,this->signer_responder->get_key_size(this->signer_responder),&(this->secrets.ar_key)); this->logger->log_chunk(this->logger, PRIVATE, "Sk_ar secret", &(this->secrets.ar_key)); this->signer_responder->set_key(this->signer_responder,this->secrets.ar_key); prf_plus->allocate_bytes(prf_plus,this->crypter_initiator->get_block_size(this->crypter_initiator),&(this->secrets.ei_key)); this->logger->log_chunk(this->logger, PRIVATE, "Sk_ei secret", &(this->secrets.ei_key)); this->crypter_initiator->set_key(this->crypter_initiator,this->secrets.ei_key); prf_plus->allocate_bytes(prf_plus,this->crypter_responder->get_block_size(this->crypter_responder),&(this->secrets.er_key)); this->logger->log_chunk(this->logger, PRIVATE, "Sk_er secret", &(this->secrets.er_key)); this->crypter_responder->set_key(this->crypter_responder,this->secrets.er_key); prf_plus->allocate_bytes(prf_plus,this->crypter_responder->get_block_size(this->crypter_responder),&(this->secrets.pi_key)); this->logger->log_chunk(this->logger, PRIVATE, "Sk_pi secret", &(this->secrets.pi_key)); prf_plus->allocate_bytes(prf_plus,this->crypter_responder->get_block_size(this->crypter_responder),&(this->secrets.pr_key)); this->logger->log_chunk(this->logger, PRIVATE, "Sk_pr secret", &(this->secrets.pr_key)); prf_plus->destroy(prf_plus); } /** * Implementation of private_ike_sa_t.resend_last_reply. */ static status_t resend_last_reply(private_ike_sa_t *this) { packet_t *packet; packet = this->last_responded_message->get_packet(this->last_responded_message); charon->send_queue->add(charon->send_queue, packet); return SUCCESS; } /** * Implementation of ike_sa_t.retransmit_request. */ status_t retransmit_request (private_ike_sa_t *this, u_int32_t message_id) { packet_t *packet; if ((this->message_id_out -1) != message_id) { return NOT_FOUND; } if (message_id == this->last_replied_message_id) { return NOT_FOUND; } if (this->last_requested_message == NULL) { return NOT_FOUND; } packet = this->last_requested_message->get_packet(this->last_requested_message); charon->send_queue->add(charon->send_queue, packet); return SUCCESS; } /** * Implements protected_ike_sa_t.resend_last_reply. */ static status_t create_delete_job(private_ike_sa_t *this) { job_t *delete_job; this->logger->log(this->logger, CONTROL | MORE, "Going to create job to delete this IKE_SA"); delete_job = (job_t *) delete_ike_sa_job_create(this->ike_sa_id); charon->job_queue->add(charon->job_queue,delete_job); return SUCCESS; } /** * Implementation of protected_ike_sa_t.set_new_state. */ static void set_new_state (private_ike_sa_t *this, state_t *state) { this->logger->log(this->logger, CONTROL, "Change current state %s to %s",mapping_find(ike_sa_state_m,this->current_state->get_state(this->current_state)),mapping_find(ike_sa_state_m,state->get_state(state))); this->current_state = state; } /** * Implementation of protected_ike_sa_t.get_logger. */ static logger_t *get_logger (private_ike_sa_t *this) { return this->logger; } /** * Implementation of protected_ike_sa_t.get_my_host. */ static host_t *get_my_host (private_ike_sa_t *this) { return this->me.host; } /** * Implementation of protected_ike_sa_t.get_other_host. */ static host_t *get_other_host (private_ike_sa_t *this) { return this->other.host; } /** * Implementation of protected_ike_sa_t.get_init_config. */ static init_config_t *get_init_config (private_ike_sa_t *this) { return this->init_config; } /** * Implementation of protected_ike_sa_t.set_init_config. */ static void set_init_config (private_ike_sa_t *this,init_config_t * init_config) { this->init_config = init_config; } /** * Implementation of protected_ike_sa_t.get_sa_config. */ static sa_config_t *get_sa_config (private_ike_sa_t *this) { return this->sa_config; } /** * Implementation of protected_ike_sa_t.set_sa_config. */ static void set_sa_config (private_ike_sa_t *this,sa_config_t * sa_config) { this->sa_config = sa_config; } /** * Implementation of protected_ike_sa_t.set_my_host. */ static void set_my_host (private_ike_sa_t *this, host_t *my_host) { this->me.host = my_host; } /** * Implementation of protected_ike_sa_t.set_other_host. */ static void set_other_host (private_ike_sa_t *this, host_t *other_host) { this->other.host = other_host; } /** * Implementation of protected_ike_sa_t.set_prf. */ static status_t create_transforms_from_proposal (private_ike_sa_t *this,ike_proposal_t *proposal) { this->logger->log(this->logger, CONTROL|MORE, "Going to create transform objects for proposal"); this->logger->log(this->logger, CONTROL|MORE, "Encryption algorithm: %s with keylength %d",mapping_find(encryption_algorithm_m,proposal->encryption_algorithm),proposal->encryption_algorithm_key_length); this->logger->log(this->logger, CONTROL|MORE, "integrity algorithm: %s with keylength %d",mapping_find(integrity_algorithm_m,proposal->integrity_algorithm),proposal->integrity_algorithm_key_length); this->logger->log(this->logger, CONTROL|MORE, "prf: %s with keylength %d",mapping_find(pseudo_random_function_m,proposal->pseudo_random_function),proposal->pseudo_random_function_key_length); if (this->prf != NULL) { this->prf->destroy(this->prf); } this->prf = prf_create(proposal->pseudo_random_function); if (this->prf == NULL) { this->logger->log(this->logger, ERROR|MORE, "prf not supported!"); return FAILED; } if (this->crypter_initiator != NULL) { this->crypter_initiator->destroy(this->crypter_initiator); } this->crypter_initiator = crypter_create(proposal->encryption_algorithm,proposal->encryption_algorithm_key_length); if (this->crypter_initiator == NULL) { this->logger->log(this->logger, ERROR|MORE, "encryption algorithm not supported!"); return FAILED; } if (this->crypter_responder != NULL) { this->crypter_responder->destroy(this->crypter_responder); } this->crypter_responder = crypter_create(proposal->encryption_algorithm,proposal->encryption_algorithm_key_length); if (this->crypter_responder == NULL) { this->logger->log(this->logger, ERROR|MORE, "encryption algorithm not supported!"); return FAILED; } if (this->signer_initiator != NULL) { this->signer_initiator->destroy(this->signer_initiator); } this->signer_initiator = signer_create(proposal->integrity_algorithm); if (this->signer_initiator == NULL) { this->logger->log(this->logger, ERROR|MORE, "integrity algorithm not supported!"); return FAILED; } if (this->signer_responder != NULL) { this->signer_responder->destroy(this->signer_responder); } this->signer_responder = signer_create(proposal->integrity_algorithm); if (this->signer_responder == NULL) { this->logger->log(this->logger, ERROR|MORE, "integrity algorithm not supported!"); return FAILED; } return SUCCESS; } /** * Implementation of protected_ike_sa_t.get_randomizer. */ static randomizer_t *get_randomizer (private_ike_sa_t *this) { return this->randomizer; } /** * Implementation of protected_ike_sa_t.get_crypter_initiator. */ static crypter_t *get_crypter_initiator (private_ike_sa_t *this) { return this->crypter_initiator; } /** * Implementation of protected_ike_sa_t.get_signer_initiator. */ static signer_t *get_signer_initiator (private_ike_sa_t *this) { return this->signer_initiator; } /** * Implementation of protected_ike_sa_t.get_crypter_responder. */ static crypter_t *get_crypter_responder(private_ike_sa_t *this) { return this->crypter_responder; } /** * Implementation of protected_ike_sa_t.get_signer_responder. */ static signer_t *get_signer_responder (private_ike_sa_t *this) { return this->signer_responder; } /** * Implementation of protected_ike_sa_t.send_request. */ static status_t send_request (private_ike_sa_t *this,message_t * message) { packet_t *packet; status_t status; retransmit_request_job_t *retransmit_job; u_int32_t timeout; if (message->get_message_id(message) != this->message_id_out) { this->logger->log(this->logger, ERROR, "Message could not be sent cause id was not as expected"); return FAILED; } /* generate packet */ this->logger->log(this->logger, CONTROL|MOST, "Generate packet from message"); status = message->generate(message, this->crypter_initiator,this->signer_initiator, &packet); if (status != SUCCESS) { this->logger->log(this->logger, ERROR, "Could not generate packet from message"); return FAILED; } this->logger->log(this->logger, CONTROL|MOST, "Add packet to global send queue"); charon->send_queue->add(charon->send_queue, packet); if (this->last_requested_message != NULL) { /* destroy message */ this->last_requested_message->destroy(this->last_requested_message); } this->logger->log(this->logger, CONTROL|MOST, "replace last requested message with new one"); this->last_requested_message = message; retransmit_job = retransmit_request_job_create(this->message_id_out,this->ike_sa_id); status = charon->configuration_manager->get_retransmit_timeout (charon->configuration_manager,retransmit_job->get_retransmit_count(retransmit_job),&timeout); if (status != SUCCESS) { this->logger->log(this->logger, CONTROL|MOST, "No retransmit job for message created!"); retransmit_job->destroy(retransmit_job); } else { this->logger->log(this->logger, CONTROL|MOST, "Request will be retransmitted in %d ms.",timeout); charon->event_queue->add_relative(charon->event_queue,(job_t *) retransmit_job,timeout); } /* message counter can now be increased */ this->logger->log(this->logger, CONTROL|MOST, "Increase message counter for outgoing messages"); this->message_id_out++; return SUCCESS; } /** * Implementation of protected_ike_sa_t.send_response. */ static status_t send_response (private_ike_sa_t *this,message_t * message) { packet_t *packet; status_t status; if (message->get_message_id(message) != this->message_id_in) { this->logger->log(this->logger, CONTROL|MOST, "Message could not be sent cause id was not as expected"); return FAILED; } status = message->generate(message, this->crypter_responder,this->signer_responder, &packet); if (status != SUCCESS) { this->logger->log(this->logger, ERROR, "Could not generate packet from message"); return FAILED; } this->logger->log(this->logger, CONTROL|MOST, "Add packet to global send queue"); charon->send_queue->add(charon->send_queue, packet); if (this->last_responded_message != NULL) { /* destroy message */ this->last_responded_message->destroy(this->last_responded_message); } this->logger->log(this->logger, CONTROL|MOST, "replace last responded message with new one"); this->last_responded_message = message; /* message counter can now be increased */ this->logger->log(this->logger, CONTROL|MOST, "Increase message counter for incoming messages"); this->message_id_in++; return SUCCESS; } /** * Implementation of protected_ike_sa_t.set_last_replied_message_id. */ static void set_last_replied_message_id (private_ike_sa_t *this,u_int32_t message_id) { this->last_replied_message_id = message_id; } /** * Implementation of protected_ike_sa_t.reset_message_buffers. */ static void reset_message_buffers (private_ike_sa_t *this) { this->logger->log(this->logger, CONTROL|MOST, "Reset message counters and destroy stored messages"); /* destroy stored requested message */ if (this->last_requested_message != NULL) { this->last_requested_message->destroy(this->last_requested_message); this->last_requested_message = NULL; } /* destroy stored responded messages */ if (this->last_responded_message != NULL) { this->last_responded_message->destroy(this->last_responded_message); this->last_responded_message = NULL; } this->message_id_out = 0; this->message_id_in = 0; this->last_replied_message_id = -1; } /** * Implementation of protected_ike_sa_t.destroy. */ static void destroy (private_ike_sa_t *this) { this->logger->log(this->logger, CONTROL | MORE, "Going to destroy IKE_SA"); /* destroy child sa's */ this->logger->log(this->logger, CONTROL | MOST, "Destroy all child_sa's"); while (this->child_sas->get_count(this->child_sas) > 0) { void *child_sa; if (this->child_sas->remove_first(this->child_sas, &child_sa) != SUCCESS) { break; } /* destroy child sa */ } this->child_sas->destroy(this->child_sas); this->logger->log(this->logger, CONTROL | MOST, "Destroy secrets"); allocator_free(this->secrets.d_key.ptr); allocator_free(this->secrets.ai_key.ptr); allocator_free(this->secrets.ar_key.ptr); allocator_free(this->secrets.ei_key.ptr); allocator_free(this->secrets.er_key.ptr); allocator_free(this->secrets.pi_key.ptr); allocator_free(this->secrets.pr_key.ptr); if (this->crypter_initiator != NULL) { this->crypter_initiator->destroy(this->crypter_initiator); } if (this->crypter_responder != NULL) { this->crypter_responder->destroy(this->crypter_responder); } if (this->signer_initiator != NULL) { this->signer_initiator->destroy(this->signer_initiator); } if (this->signer_responder != NULL) { this->signer_responder->destroy(this->signer_responder); } if (this->prf != NULL) { this->prf->destroy(this->prf); } /* destroy ike_sa_id */ this->ike_sa_id->destroy(this->ike_sa_id); /* destroy stored requested message */ if (this->last_requested_message != NULL) { this->last_requested_message->destroy(this->last_requested_message); } /* destroy stored host_t objects */ if (this->me.host != NULL) { this->me.host->destroy(this->me.host); } /* destroy stored host_t objects */ if (this->other.host != NULL) { this->other.host->destroy(this->other.host); } /* destroy stored responded messages */ if (this->last_responded_message != NULL) { this->last_responded_message->destroy(this->last_responded_message); } this->randomizer->destroy(this->randomizer); this->logger->log(this->logger, CONTROL | MOST, "Destroy current state object"); this->current_state->destroy(this->current_state); this->logger->log(this->logger, CONTROL | MOST, "Destroy logger of IKE_SA"); charon->logger_manager->destroy_logger(charon->logger_manager, this->logger); allocator_free(this); } /* * Described in Header */ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) { private_ike_sa_t *this = allocator_alloc_thing(private_ike_sa_t); /* Public functions */ this->protected.public.process_message = (status_t(*)(ike_sa_t*, message_t*)) process_message; this->protected.public.initialize_connection = (status_t(*)(ike_sa_t*, char*)) initialize_connection; this->protected.public.get_id = (ike_sa_id_t*(*)(ike_sa_t*)) get_id; this->protected.public.retransmit_request = (status_t (*) (ike_sa_t *, u_int32_t)) retransmit_request; this->protected.public.destroy = (void(*)(ike_sa_t*))destroy; /* protected functions */ this->protected.build_message = (void (*) (protected_ike_sa_t *, exchange_type_t , bool , message_t **)) build_message; this->protected.compute_secrets = (void (*) (protected_ike_sa_t *,chunk_t ,chunk_t , chunk_t )) compute_secrets; this->protected.get_logger = (logger_t *(*) (protected_ike_sa_t *)) get_logger; this->protected.set_init_config = (void (*) (protected_ike_sa_t *,init_config_t *)) set_init_config; this->protected.get_init_config = (init_config_t *(*) (protected_ike_sa_t *)) get_init_config; this->protected.set_sa_config = (void (*) (protected_ike_sa_t *,sa_config_t *)) set_sa_config; this->protected.get_sa_config = (sa_config_t *(*) (protected_ike_sa_t *)) get_sa_config; this->protected.get_my_host = (host_t *(*) (protected_ike_sa_t *)) get_my_host; this->protected.get_other_host = (host_t *(*) (protected_ike_sa_t *)) get_other_host; this->protected.set_my_host = (void(*) (protected_ike_sa_t *,host_t *)) set_my_host; this->protected.set_other_host = (void(*) (protected_ike_sa_t *, host_t *)) set_other_host; this->protected.get_randomizer = (randomizer_t *(*) (protected_ike_sa_t *)) get_randomizer; this->protected.send_request = (status_t (*) (protected_ike_sa_t *,message_t *)) send_request; this->protected.send_response = (status_t (*) (protected_ike_sa_t *,message_t *)) send_response; this->protected.create_transforms_from_proposal = (status_t (*) (protected_ike_sa_t *,ike_proposal_t *)) create_transforms_from_proposal; this->protected.set_new_state = (void (*) (protected_ike_sa_t *,state_t *)) set_new_state; this->protected.get_crypter_initiator = (crypter_t *(*) (protected_ike_sa_t *)) get_crypter_initiator; this->protected.get_signer_initiator = (signer_t *(*) (protected_ike_sa_t *)) get_signer_initiator; this->protected.get_crypter_responder = (crypter_t *(*) (protected_ike_sa_t *)) get_crypter_responder; this->protected.get_signer_responder = (signer_t *(*) (protected_ike_sa_t *)) get_signer_responder; this->protected.reset_message_buffers = (void (*) (protected_ike_sa_t *)) reset_message_buffers; this->protected.set_last_replied_message_id = (void (*) (protected_ike_sa_t *,u_int32_t)) set_last_replied_message_id; /* private functions */ this->resend_last_reply = resend_last_reply; this->create_delete_job = create_delete_job; /* initialize private fields */ this->logger = charon->logger_manager->create_logger(charon->logger_manager, IKE_SA, NULL); this->ike_sa_id = ike_sa_id->clone(ike_sa_id); this->child_sas = linked_list_create(); this->randomizer = randomizer_create(); this->me.host = NULL; this->other.host = NULL; this->last_requested_message = NULL; this->last_responded_message = NULL; this->message_id_out = 0; this->message_id_in = 0; this->last_replied_message_id = -1; this->secrets.d_key = CHUNK_INITIALIZER; this->secrets.ai_key = CHUNK_INITIALIZER; this->secrets.ar_key = CHUNK_INITIALIZER; this->secrets.ei_key = CHUNK_INITIALIZER; this->secrets.er_key = CHUNK_INITIALIZER; this->secrets.pi_key = CHUNK_INITIALIZER; this->secrets.pr_key = CHUNK_INITIALIZER; this->crypter_initiator = NULL; this->crypter_responder = NULL; this->signer_initiator = NULL; this->signer_responder = NULL; this->prf = NULL; this->init_config = NULL; this->sa_config = NULL; /* at creation time, IKE_SA is in a initiator state */ if (ike_sa_id->is_initiator(ike_sa_id)) { this->current_state = (state_t *) initiator_init_create(&(this->protected)); } else { this->current_state = (state_t *) responder_init_create(&(this->protected)); } return &(this->protected.public); }