ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

- code cleaned up

This commit is contained in:
Jan Hutter 2005-12-07 09:03:34 +00:00
parent 144f676cf5
commit 39b2903ffe
8 changed files with 315 additions and 197 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
Source/charon/sa/authenticator.c
View File

@ -1,7 +1,7 @@
/**
* @file authenticator.c
*
* @brief Implementation of authenticator.
* @brief Implementation of authenticator_t.
*
*/
@ -35,6 +35,7 @@
*/
#define IKE_V2_KEY_PAD_LEN strlen(IKE_V2_KEY_PAD)
typedef struct private_authenticator_t private_authenticator_t;
/**
@ -65,7 +66,7 @@ struct private_authenticator_t {
logger_t *logger;
/**
* Creates the octets which are signed (RSA) or MACed (shared secret) as described in section
* @brief Creates the octets which are signed (RSA) or MACed (shared secret) as described in section
* 2.15 of draft.
*
* @param this calling object
@ -77,10 +78,14 @@ struct private_authenticator_t {
* @return octets as described in section 2.15. Memory gets allocated and has to get
* destroyed by caller.
*/
chunk_t (*allocate_octets) (private_authenticator_t *this,chunk_t last_message, chunk_t other_nonce,id_payload_t *my_id, bool initiator);
chunk_t (*allocate_octets) (private_authenticator_t *this,
chunk_t last_message,
chunk_t other_nonce,
id_payload_t *my_id,
bool initiator);
/**
* Creates the AUTH data using auth method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
* @brief Creates the AUTH data using auth method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
*
* @param this calling object
* @param last_message the last message
@ -88,17 +93,28 @@ struct private_authenticator_t {
* @param nonce Nonce data to include in auth data compution
* @param id_payload id_payload_t object representing an ID payload
* @param initiator Type of peer. TRUE, if it is original initiator, FALSE otherwise
* @param shared_secret shared secret as chunk_t. If shared secret is a string, the NULL termination is not included.
* @return AUTH data as dscribed in section 2.15 for AUTH method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
* @param shared_secret shared secret as chunk_t. If shared secret is a string,
* the NULL termination is not included.
* @return AUTH data as dscribed in section 2.15 for
* AUTH method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
* Memory gets allocated and has to get destroyed by caller.
*/
chunk_t (*allocate_auth_data_with_preshared_secret) (private_authenticator_t *this,chunk_t last_message, chunk_t nonce,id_payload_t *id_payload, bool initiator,chunk_t preshared_secret);
chunk_t (*allocate_auth_data_with_preshared_secret) (private_authenticator_t *this,
chunk_t last_message,
chunk_t nonce,
id_payload_t *id_payload,
bool initiator,
chunk_t preshared_secret);
};
/**
* Implementation of private_authenticator_t.allocate_octets.
*/
static chunk_t allocate_octets(private_authenticator_t *this,chunk_t last_message, chunk_t other_nonce,id_payload_t *my_id, bool initiator)
static chunk_t allocate_octets(private_authenticator_t *this,
chunk_t last_message,
chunk_t other_nonce,
id_payload_t *my_id,
bool initiator)
{
chunk_t id_chunk = my_id->get_data(my_id);
u_int8_t id_with_header[4 + id_chunk.len];
@ -148,7 +164,12 @@ static chunk_t allocate_octets(private_authenticator_t *this,chunk_t last_messag
/**
* Implementation of private_authenticator_t.allocate_auth_data_with_preshared_secret.
*/
static chunk_t allocate_auth_data_with_preshared_secret (private_authenticator_t *this,chunk_t last_message, chunk_t nonce,id_payload_t *id_payload, bool initiator,chunk_t preshared_secret)
static chunk_t allocate_auth_data_with_preshared_secret (private_authenticator_t *this,
chunk_t last_message,
chunk_t nonce,
id_payload_t *id_payload,
bool initiator,
chunk_t preshared_secret)
{
chunk_t key_pad = {ptr: IKE_V2_KEY_PAD, len:IKE_V2_KEY_PAD_LEN};
u_int8_t key_buffer[this->prf->get_block_size(this->prf)];
@ -174,7 +195,12 @@ static chunk_t allocate_auth_data_with_preshared_secret (private_authenticator_t
/**
* Implementation of authenticator_t.verify_auth_data.
*/
static status_t verify_auth_data (private_authenticator_t *this,auth_payload_t *auth_payload, chunk_t last_received_packet,chunk_t my_nonce,id_payload_t *other_id_payload,bool initiator)
static status_t verify_auth_data (private_authenticator_t *this,
auth_payload_t *auth_payload,
chunk_t last_received_packet,
chunk_t my_nonce,
id_payload_t *other_id_payload,
bool initiator)
{
switch(auth_payload->get_auth_method(auth_payload))
{
@ -185,14 +211,21 @@ static status_t verify_auth_data (private_authenticator_t *this,auth_payload_t *
chunk_t preshared_secret;
status_t status;
status = charon->configuration_manager->get_shared_secret(charon->configuration_manager,other_id,&preshared_secret);
status = charon->configuration_manager->get_shared_secret(charon->configuration_manager,
other_id,
&preshared_secret);
other_id->destroy(other_id);
if (status != SUCCESS)
{
return status;
}
chunk_t my_auth_data = this->allocate_auth_data_with_preshared_secret(this,last_received_packet,my_nonce,other_id_payload,initiator,preshared_secret);
chunk_t my_auth_data = this->allocate_auth_data_with_preshared_secret(this,
last_received_packet,
my_nonce,
other_id_payload,
initiator,
preshared_secret);
if (auth_data.len != my_auth_data.len)
{
@ -219,7 +252,9 @@ static status_t verify_auth_data (private_authenticator_t *this,auth_payload_t *
auth_data = auth_payload->get_data(auth_payload);
status = charon->configuration_manager->get_rsa_public_key(charon->configuration_manager, other_id, &public_key);
status = charon->configuration_manager->get_rsa_public_key(charon->configuration_manager,
other_id,
&public_key);
other_id->destroy(other_id);
if (status != SUCCESS)
{
@ -243,7 +278,12 @@ static status_t verify_auth_data (private_authenticator_t *this,auth_payload_t *
/**
* Implementation of authenticator_t.compute_auth_data.
*/
static status_t compute_auth_data (private_authenticator_t *this,auth_payload_t **auth_payload, chunk_t last_sent_packet,chunk_t other_nonce,id_payload_t *my_id_payload,bool initiator)
static status_t compute_auth_data (private_authenticator_t *this,
auth_payload_t **auth_payload,
chunk_t last_sent_packet,
chunk_t other_nonce,
id_payload_t *my_id_payload,
bool initiator)
{
sa_config_t *sa_config = this->ike_sa->get_sa_config(this->ike_sa);
@ -255,7 +295,9 @@ static status_t compute_auth_data (private_authenticator_t *this,auth_payload_t
chunk_t preshared_secret;
status_t status;
status = charon->configuration_manager->get_shared_secret(charon->configuration_manager,my_id,&preshared_secret);
status = charon->configuration_manager->get_shared_secret(charon->configuration_manager,
my_id,
&preshared_secret);
my_id->destroy(my_id);
if (status != SUCCESS)
@ -263,7 +305,12 @@ static status_t compute_auth_data (private_authenticator_t *this,auth_payload_t
return status;
}
chunk_t auth_data = this->allocate_auth_data_with_preshared_secret(this,last_sent_packet,other_nonce,my_id_payload,initiator,preshared_secret);
chunk_t auth_data = this->allocate_auth_data_with_preshared_secret(this,
last_sent_packet,
other_nonce,
my_id_payload,
initiator,
preshared_secret);
*auth_payload = auth_payload_create();
(*auth_payload)->set_auth_method((*auth_payload),SHARED_KEY_MESSAGE_INTEGRITY_CODE);
@ -279,7 +326,9 @@ static status_t compute_auth_data (private_authenticator_t *this,auth_payload_t
status_t status;
chunk_t octets, auth_data;
status = charon->configuration_manager->get_rsa_private_key(charon->configuration_manager, my_id, &private_key);
status = charon->configuration_manager->get_rsa_private_key(charon->configuration_manager,
my_id,
&private_key);
my_id->destroy(my_id);
if (status != SUCCESS)
{

51
Source/charon/sa/authenticator.h
View File

@ -24,16 +24,16 @@
#define _AUTHENTICATOR_H_
#include <types.h>
#include <sa/ike_sa.h>
#include <network/packet.h>
#include <encoding/payloads/auth_payload.h>
#include <encoding/payloads/id_payload.h>
#include <network/packet.h>
#include <sa/ike_sa.h>
typedef struct authenticator_t authenticator_t;
/**
* @brief Class authenticator_t. Used to authenticate a peer.
* @brief Class used to authenticate a peer.
*
* Currently the following two AUTH methods are supported:
* - SHARED_KEY_MESSAGE_INTEGRITY_CODE
@ -41,7 +41,10 @@ typedef struct authenticator_t authenticator_t;
*
* This class retrieves needed data for specific AUTH methods (RSA keys, shared secrets, etc.)
* over an internal stored protected_ike_sa_t object or directly from the configuration_manager_t over
* the daemon_t object charon.
* the daemon_t object "charon".
*
* @b Constructors:
* - authenticator_create()
*
* @ingroup sa
*/
@ -55,18 +58,21 @@ struct authenticator_t {
* - the nonce value sent to the other peer
* - the ID payload of the other peer
*
* @param this authenticator_t object
* @param this calling object
* @param last_received_packet binary representation of the last received IKEv2-Message
* @param my_nonce The sent nonce (without payload header)
* @param other_id_payload The ID payload received from other peer
* @param initiator Type of other peer. TRUE, if it is original initiator, FALSE otherwise
* @param my_nonce the sent nonce (without payload header)
* @param other_id_payload the ID payload received from other peer
* @param initiator type of other peer. TRUE, if it is original initiator, FALSE otherwise
*
* @todo Document RSA error status types
*
* @return
* - SUCCESS if verification could be processed (does not mean the data could be verified)
* - SUCCESS if verification could be processed
* (does not mean the data could be verified)
* - FAILED if verification failed
* - NOT_SUPPORTED if AUTH method not supported
* - NOT_FOUND if the data for specific AUTH method could not be found (e.g. shared secret, rsa key)
* - TODO rsa errors!!
* - NOT_FOUND if the data for specific AUTH method could not be found
* (e.g. shared secret, rsa key)
*/
status_t (*verify_auth_data) (authenticator_t *this,
auth_payload_t *auth_payload,
@ -83,18 +89,19 @@ struct authenticator_t {
* - the nonce value received from the other peer
* - the ID payload of myself
*
* @param this authenticator_t object
* @param this calling object
* @param[out] auth_payload The object of typee auth_payload_t will be created at pointing location
* @param last_sent_packet binary representation of the last sent IKEv2-Message
* @param other_nonce The received nonce (without payload header)
* @param my_id_payload The ID payload going to send to other peer
* @param initiator Type of myself. TRUE, if I'm original initiator, FALSE otherwise
* @param other_nonce the received nonce (without payload header)
* @param my_id_payload the ID payload going to send to other peer
* @param initiator type of myself. TRUE, if I'm original initiator, FALSE otherwise
*
* @todo Document RSA error status types
*
* @return
* - SUCCESS if authentication data could be computed
* - NOT_SUPPORTED if AUTH method not supported
* - NOT_FOUND if the data for AUTH method could not be found
* - TODO rsa errors!!
*/
status_t (*compute_auth_data) (authenticator_t *this,
auth_payload_t **auth_payload,
@ -106,7 +113,7 @@ struct authenticator_t {
/**
* @brief Destroys a authenticator_t object.
*
* @param this authenticator_t object
* @param this calling object
*/
void (*destroy) (authenticator_t *this);
};
@ -116,13 +123,15 @@ struct authenticator_t {
*
* @warning: The following functions of the assigned protected_ike_sa_t object
* must return a valid value:
* - protected_ike_sa_t.get_sa_config
* - protected_ike_sa_t.get_prf
* - protected_ike_sa_t.get_logger
* - protected_ike_sa_t.get_sa_config
* - protected_ike_sa_t.get_prf
* - protected_ike_sa_t.get_logger
* This preconditions are not given in IKE_SA states INITIATOR_INIT or RESPONDER_INIT!
*
* @param ike_sa object of type protected_ike_sa_t
*
* @return authenticator_t object
*
* @ingroup sa
*/
authenticator_t *authenticator_create(protected_ike_sa_t *ike_sa);

6
Source/charon/sa/child_sa.h
View File

@ -21,8 +21,8 @@
*/
#ifndef CHILD_SA_H_
#define CHILD_SA_H_
#ifndef _CHILD_SA_H_
#define _CHILD_SA_H_
#include <types.h>
#include <transforms/prf_plus.h>
@ -70,4 +70,4 @@ struct child_sa_t {
*/
child_sa_t * child_sa_create(protocol_id_t protocol_id, prf_plus_t *prf_plus);
#endif /*CHILD_SA_H_*/
#endif /*_CHILD_SA_H_*/

117
Source/charon/sa/ike_sa.c
View File

@ -285,7 +285,8 @@ static status_t process_message (private_ike_sa_t *this, message_t *message)
is_request = message->get_request(message);
exchange_type = message->get_exchange_type(message);
this->logger->log(this->logger, CONTROL, "Process %s message of exchange type %s",(is_request) ? "REQUEST" : "RESPONSE",mapping_find(exchange_type_m,exchange_type));
this->logger->log(this->logger, CONTROL, "Process %s message of exchange type %s",
(is_request) ? "REQUEST" : "RESPONSE",mapping_find(exchange_type_m,exchange_type));
message_id = message->get_message_id(message);
@ -305,7 +306,9 @@ static status_t process_message (private_ike_sa_t *this, message_t *message)
/* In a request, the message has to be this->message_id_in (other case is already handled) */
if (message_id != this->message_id_in)
{
this->logger->log(this->logger, ERROR | LEVEL1, "Message request with message id %d received, but %d expected",message_id,this->message_id_in);
this->logger->log(this->logger, ERROR | LEVEL1,
"Message request with message id %d received, but %d expected",
message_id,this->message_id_in);
return FAILED;
}
}
@ -314,7 +317,9 @@ static status_t process_message (private_ike_sa_t *this, message_t *message)
/* In a reply, the message has to be this->message_id_out -1 cause it is the reply to the last sent message*/
if (message_id != (this->message_id_out - 1))
{
this->logger->log(this->logger, ERROR | LEVEL1, "Message reply with message id %d received, but %d expected",message_id,this->message_id_in);
this->logger->log(this->logger, ERROR | LEVEL1,
"Message reply with message id %d received, but %d expected",
message_id,this->message_id_in);
return FAILED;
}
}
@ -379,7 +384,10 @@ static ike_sa_id_t* get_id(private_ike_sa_t *this)
/**
* Implementation of protected_ike_sa_t.compute_secrets.
*/
static void compute_secrets(private_ike_sa_t *this,chunk_t dh_shared_secret,chunk_t initiator_nonce, chunk_t responder_nonce)
static void compute_secrets(private_ike_sa_t *this,
chunk_t dh_shared_secret,
chunk_t initiator_nonce,
chunk_t responder_nonce)
{
u_int8_t ei_buffer[this->crypter_initiator->get_block_size(this->crypter_initiator)];
chunk_t ei_key = {ptr: ei_buffer, len: sizeof(ei_buffer)};
@ -454,10 +462,14 @@ static void compute_secrets(private_ike_sa_t *this,chunk_t dh_shared_secret,chun
this->logger->log_chunk(this->logger, PRIVATE, "Sk_er secret", &(er_key));
this->crypter_responder->set_key(this->crypter_responder,er_key);
prf_plus->allocate_bytes(prf_plus,this->crypter_responder->get_block_size(this->crypter_responder),&(this->secrets.pi_key));
prf_plus->allocate_bytes(prf_plus,
this->crypter_responder->get_block_size(this->crypter_responder),
&(this->secrets.pi_key));
this->logger->log_chunk(this->logger, PRIVATE, "Sk_pi secret", &(this->secrets.pi_key));
prf_plus->allocate_bytes(prf_plus,this->crypter_responder->get_block_size(this->crypter_responder),&(this->secrets.pr_key));
prf_plus->allocate_bytes(prf_plus,
this->crypter_responder->get_block_size(this->crypter_responder),
&(this->secrets.pr_key));
this->logger->log_chunk(this->logger, PRIVATE, "Sk_pr secret", &(this->secrets.pr_key));
prf_plus->destroy(prf_plus);
@ -619,11 +631,17 @@ static chunk_t get_key_pi (private_ike_sa_t *this)
*/
static status_t create_transforms_from_proposal (private_ike_sa_t *this,ike_proposal_t *proposal)
{
this->logger->log(this->logger, CONTROL|LEVEL1, "Going to create transform objects for proposal");
this->logger->log(this->logger, CONTROL|LEVEL2, "Going to create transform objects for proposal");
this->logger->log(this->logger, CONTROL|LEVEL1, "Encryption algorithm: %s with keylength %d",mapping_find(encryption_algorithm_m,proposal->encryption_algorithm),proposal->encryption_algorithm_key_length);
this->logger->log(this->logger, CONTROL|LEVEL1, "integrity algorithm: %s with keylength %d",mapping_find(integrity_algorithm_m,proposal->integrity_algorithm),proposal->integrity_algorithm_key_length);
this->logger->log(this->logger, CONTROL|LEVEL1, "prf: %s with keylength %d",mapping_find(pseudo_random_function_m,proposal->pseudo_random_function),proposal->pseudo_random_function_key_length);
this->logger->log(this->logger, CONTROL|LEVEL2, "Encryption algorithm: %s with keylength %d",
mapping_find(encryption_algorithm_m,proposal->encryption_algorithm),
proposal->encryption_algorithm_key_length);
this->logger->log(this->logger, CONTROL|LEVEL2, "Integrity algorithm: %s with keylength %d",
mapping_find(integrity_algorithm_m,proposal->integrity_algorithm),
proposal->integrity_algorithm_key_length);
this->logger->log(this->logger, CONTROL|LEVEL2, "PRF: %s with keylength %d",
mapping_find(pseudo_random_function_m,proposal->pseudo_random_function),
proposal->pseudo_random_function_key_length);
if (this->prf != NULL)
{
@ -632,7 +650,8 @@ static status_t create_transforms_from_proposal (private_ike_sa_t *this,ike_prop
this->prf = prf_create(proposal->pseudo_random_function);
if (this->prf == NULL)
{
this->logger->log(this->logger, ERROR|LEVEL1, "prf not supported!");
this->logger->log(this->logger, ERROR|LEVEL1, "PRF %s not supported!",
mapping_find(pseudo_random_function_m,proposal->pseudo_random_function));
return FAILED;
}
@ -640,10 +659,11 @@ static status_t create_transforms_from_proposal (private_ike_sa_t *this,ike_prop
{
this->crypter_initiator->destroy(this->crypter_initiator);
}
this->crypter_initiator = crypter_create(proposal->encryption_algorithm,proposal->encryption_algorithm_key_length);
this->crypter_initiator = crypter_create(proposal->encryption_algorithm,
proposal->encryption_algorithm_key_length);
if (this->crypter_initiator == NULL)
{
this->logger->log(this->logger, ERROR|LEVEL1, "encryption algorithm %s not supported!",
this->logger->log(this->logger, ERROR|LEVEL1, "Encryption algorithm %s not supported!",
mapping_find(encryption_algorithm_m,proposal->encryption_algorithm));
return FAILED;
}
@ -652,7 +672,8 @@ static status_t create_transforms_from_proposal (private_ike_sa_t *this,ike_prop
{
this->crypter_responder->destroy(this->crypter_responder);
}
this->crypter_responder = crypter_create(proposal->encryption_algorithm,proposal->encryption_algorithm_key_length);
this->crypter_responder = crypter_create(proposal->encryption_algorithm,
proposal->encryption_algorithm_key_length);
/* check must not be done again */
if (this->signer_initiator != NULL)
@ -662,7 +683,8 @@ static status_t create_transforms_from_proposal (private_ike_sa_t *this,ike_prop
this->signer_initiator = signer_create(proposal->integrity_algorithm);
if (this->signer_initiator == NULL)
{
this->logger->log(this->logger, ERROR|LEVEL1, "integrity algorithm not supported!");
this->logger->log(this->logger, ERROR|LEVEL1, "Integrity algorithm %s not supported!",
mapping_find(integrity_algorithm_m,proposal->integrity_algorithm));
return FAILED;
}
@ -742,7 +764,9 @@ static status_t send_request (private_ike_sa_t *this,message_t * message)
return FAILED;
}
this->logger->log(this->logger, CONTROL|LEVEL2, "Add packet to global send queue");
this->logger->log(this->logger, CONTROL|LEVEL3,
"Add request packet with message id %d to global send queue",
this->message_id_out);
charon->send_queue->add(charon->send_queue, packet);
if (this->last_requested_message != NULL)
@ -751,12 +775,13 @@ static status_t send_request (private_ike_sa_t *this,message_t * message)
this->last_requested_message->destroy(this->last_requested_message);
}
this->logger->log(this->logger, CONTROL|LEVEL2, "replace last requested message with new one");
this->logger->log(this->logger, CONTROL|LEVEL3, "Replace last requested message with new one");
this->last_requested_message = message;
retransmit_job = retransmit_request_job_create(this->message_id_out,this->ike_sa_id);
status = charon->configuration_manager->get_retransmit_timeout (charon->configuration_manager,retransmit_job->get_retransmit_count(retransmit_job),&timeout);
status = charon->configuration_manager->get_retransmit_timeout (charon->configuration_manager,
retransmit_job->get_retransmit_count(retransmit_job),&timeout);
if (status != SUCCESS)
{
@ -770,7 +795,9 @@ static status_t send_request (private_ike_sa_t *this,message_t * message)
}
/* message counter can now be increased */
this->logger->log(this->logger, CONTROL|LEVEL2, "Increase message counter for outgoing messages from %d",this->message_id_out);
this->logger->log(this->logger, CONTROL|LEVEL3,
"Increase message counter for outgoing messages from %d",
this->message_id_out);
this->message_id_out++;
return SUCCESS;
}
@ -785,7 +812,7 @@ static status_t send_response (private_ike_sa_t *this,message_t * message)
if (message->get_message_id(message) != this->message_id_in)
{
this->logger->log(this->logger, CONTROL|LEVEL2, "Message could not be sent cause id was not as expected");
this->logger->log(this->logger, ERROR, "Message could not be sent cause id was not as expected");
return FAILED;
}
@ -796,7 +823,9 @@ static status_t send_response (private_ike_sa_t *this,message_t * message)
return FAILED;
}
this->logger->log(this->logger, CONTROL|LEVEL2, "Add packet to global send queue");
this->logger->log(this->logger, CONTROL|LEVEL3,
"Add response packet with message id %d to global send queue",
this->message_id_in);
charon->send_queue->add(charon->send_queue, packet);
if (this->last_responded_message != NULL)
@ -805,11 +834,11 @@ static status_t send_response (private_ike_sa_t *this,message_t * message)
this->last_responded_message->destroy(this->last_responded_message);
}
this->logger->log(this->logger, CONTROL|LEVEL2, "replace last responded message with new one");
this->logger->log(this->logger, CONTROL|LEVEL3, "Replace last responded message with new one");
this->last_responded_message = message;
/* message counter can now be increased */
this->logger->log(this->logger, CONTROL|LEVEL2, "Increase message counter for incoming messages");
this->logger->log(this->logger, CONTROL|LEVEL3, "Increase message counter for incoming messages");
this->message_id_in++;
return SUCCESS;
@ -839,6 +868,9 @@ static message_t * get_last_requested_message (private_ike_sa_t *this)
return this->last_requested_message;
}
/**
* Implementation of protected_ike_sa_t.get_state.
*/
static ike_sa_state_t get_state (private_ike_sa_t *this)
{
return this->current_state->get_state(this->current_state);
@ -869,11 +901,16 @@ static void reset_message_buffers (private_ike_sa_t *this)
this->last_replied_message_id = -1;
}
/**
* Implementation of protected_ike_sa_t.create_delete_established_ike_sa_job.
*/
static void create_delete_established_ike_sa_job (private_ike_sa_t *this,u_int32_t timeout)
{
job_t *delete_job;
this->logger->log(this->logger, CONTROL | LEVEL1, "Going to create job to delete established IKE_SA in %d ms", timeout);
this->logger->log(this->logger, CONTROL | LEVEL1,
"Going to create job to delete established IKE_SA in %d ms",
timeout);
delete_job = (job_t *) delete_established_ike_sa_job_create(this->ike_sa_id);
charon->event_queue->add_relative(charon->event_queue,delete_job, timeout);
@ -890,7 +927,7 @@ static void destroy (private_ike_sa_t *this)
this->ike_sa_id->is_initiator(this->ike_sa_id) ? "initiator" : "responder");
/* destroy child sa's */
this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy all child_sa's");
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy all child_sa's");
while (this->child_sas->get_count(this->child_sas) > 0)
{
void *child_sa;
@ -902,86 +939,86 @@ static void destroy (private_ike_sa_t *this)
}
this->child_sas->destroy(this->child_sas);
this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy secrets");
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy secrets");
allocator_free(this->secrets.d_key.ptr);
allocator_free(this->secrets.pi_key.ptr);
allocator_free(this->secrets.pr_key.ptr);
if (this->crypter_initiator != NULL)
{
this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy initiator crypter_t object");
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy initiator crypter_t object");
this->crypter_initiator->destroy(this->crypter_initiator);
}
if (this->crypter_responder != NULL)
{
this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy responder crypter_t object");
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy responder crypter_t object");
this->crypter_responder->destroy(this->crypter_responder);
}
if (this->signer_initiator != NULL)
{
this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy initiator signer_t object");
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy initiator signer_t object");
this->signer_initiator->destroy(this->signer_initiator);
}
if (this->signer_responder != NULL)
{
this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy responder signer_t object");
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy responder signer_t object");
this->signer_responder->destroy(this->signer_responder);
}
if (this->prf != NULL)
{
this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy prf_t object");
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy prf_t object");
this->prf->destroy(this->prf);
}
/* destroy ike_sa_id */
this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy ike_sa_id object");
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy ike_sa_id object");
this->ike_sa_id->destroy(this->ike_sa_id);
/* destroy stored requested message */
if (this->last_requested_message != NULL)
{
this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy last requested message");
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy last requested message");
this->last_requested_message->destroy(this->last_requested_message);
}
/* destroy stored responded messages */
if (this->last_responded_message != NULL)
{
this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy last responded message");
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy last responded message");
this->last_responded_message->destroy(this->last_responded_message);
}
/* destroy stored host_t objects */
if (this->me.host != NULL)
{
this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy my host_t object");
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy my host_t object");
this->me.host->destroy(this->me.host);
}
/* destroy stored host_t objects */
if (this->other.host != NULL)
{
this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy other host_t object");
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy other host_t object");
this->other.host->destroy(this->other.host);
}
this->randomizer->destroy(this->randomizer);
this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy current state object");
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy current state object");
this->current_state->destroy(this->current_state);
this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy logger of IKE_SA");
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy logger of IKE_SA");
charon->logger_manager->destroy_logger(charon->logger_manager, this->logger);
allocator_free(this);
}
/*
* Described in Header
* Described in header.
*/
ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
{
@ -1057,10 +1094,12 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
/* at creation time, IKE_SA is in a initiator state */
if (ike_sa_id->is_initiator(ike_sa_id))
{
this->logger->log(this->logger, CONTROL | LEVEL2, "Create first state_t object of type INITIATOR_INIT");
this->current_state = (state_t *) initiator_init_create(&(this->protected));
}
else
{
this->logger->log(this->logger, CONTROL | LEVEL2, "Create first state_t object of type RESPONDER_INIT");
this->current_state = (state_t *) responder_init_create(&(this->protected));
}
return &(this->protected.public);

134
Source/charon/sa/ike_sa.h
View File

@ -1,7 +1,7 @@
/**
* @file ike_sa.h
*
* @brief Interface of ike_sa_id_t.
* @brief Interface of ike_sa_t.
*
*/
@ -36,19 +36,23 @@
#include <transforms/signers/signer.h>
/**
* Nonce size in bytes of all sent nonces
* Nonce size in bytes for nonces sending to other peer.
*
* @warning Nonce size MUST be between 16 and 256 bytes.
*
* @ingroup sa
*/
#define NONCE_SIZE 16
typedef struct ike_sa_t ike_sa_t;
/**
* @brief Class ike_sa_t. An object of this type is managed by an
* ike_sa_manager_t object and represents an IKE_SA. Message processing
* is split up in different states. They will handle all related things
* for their state.
* @brief Class ike_sa_t representing an IKE_SA.
*
* An object of this type is managed by an ike_sa_manager_t object
* and represents an IKE_SA. Message processing is split up in different states.
* They will handle all related things for the state they represent.
*
* @b Constructors:
* - ike_sa_create()
@ -58,11 +62,14 @@ typedef struct ike_sa_t ike_sa_t;
struct ike_sa_t {
/**
* @brief Processes a incoming IKEv2-Message of type message_t
* @brief Processes a incoming IKEv2-Message of type message_t.
*
* @param this ike_sa_t object object
* @param[in] message message_t object to process
* @return SUCCESSFUL if succeeded, FAILED otherwise
* @return
* - SUCCESS
* - FAILED
* - DELETE_ME if this IKE_SA MUST be deleted
*/
status_t (*process_message) (ike_sa_t *this,message_t *message);
@ -74,7 +81,7 @@ struct ike_sa_t {
* @return
* - SUCCESS if initialization started
* - FAILED if in wrong state
* - DELETE_ME if initialization faild and SA should be deleted
* - DELETE_ME if initialization failed and IKE_SA MUST be deleted
*/
status_t (*initialize_connection) (ike_sa_t *this, char *name);
@ -91,8 +98,10 @@ struct ike_sa_t {
/**
* @brief Get the id of the SA.
*
* Returned ike_sa_id_t object is not getting cloned!
*
* @param this ike_sa_t object object
* @param this calling object
* @return ike_sa's ike_sa_id_t
*/
ike_sa_id_t* (*get_id) (ike_sa_t *this);
@ -100,7 +109,7 @@ struct ike_sa_t {
/**
* @brief Get the state of type of associated state object.
*
* @param this ike_sa_t object object
* @param this calling object
* @return state of IKE_SA
*/
ike_sa_state_t (*get_state) (ike_sa_t *this);
@ -108,7 +117,7 @@ struct ike_sa_t {
/**
* @brief Destroys a ike_sa_t object.
*
* @param this ike_sa_t object
* @param this calling object
*/
void (*destroy) (ike_sa_t *this);
};
@ -117,27 +126,27 @@ struct ike_sa_t {
typedef struct protected_ike_sa_t protected_ike_sa_t;
/**
* @brief Protected data of an ike_sa_t object.
* @brief Protected functions of an ike_sa_t object.
*
* This members should only be accessed from
* the varius state classes.
* This members are only accessed out from
* the various state_t implementations.
*
* @ingroup sa
*/
struct protected_ike_sa_t {
/**
* Public part of a ike_sa_t object
* Public interface of an ike_sa_t object.
*/
ike_sa_t public;
/**
* Builds an empty IKEv2-Message and fills in default informations.
* @brief Build an empty IKEv2-Message and fills in default informations.
*
* Depending on the type of message (request or response), the message id is
* either message_id_out or message_id_in.
*
* Used in every state.
* Used in state_t Implementation to build an empty IKEv2-Message.
*
* @param this calling object
* @param type exchange type of new message
@ -147,17 +156,25 @@ struct protected_ike_sa_t {
void (*build_message) (protected_ike_sa_t *this, exchange_type_t type, bool request, message_t **message);
/**
* Initiate a new connection with given configuration name
* @brief Compute the shared secrets needed for encryption, signing, etc.
*
* Preconditions:
* - Call of function protected_ike_sa_t.create_transforms_from_proposal
*
* @param this calling object
* @param dh_shared_secret shared secret of diffie hellman exchange
* @param initiator_nonce nonce of initiator
* @param responder_nonce nonce of responder
*/
void (*compute_secrets) (protected_ike_sa_t *this,chunk_t dh_shared_secret,chunk_t initiator_nonce, chunk_t responder_nonce);
void (*compute_secrets) (protected_ike_sa_t *this,
chunk_t dh_shared_secret,
chunk_t initiator_nonce,
chunk_t responder_nonce);
/**
* Gets the internal stored logger_t object for given ike_sa_t object.
* @brief Get the internal stored logger_t object for given ike_sa_t object.
*
* @warning Returned logger_t object is original one and managed by this object.
*
* @param this calling object
* @return pointer to the internal stored logger_t object
@ -165,9 +182,7 @@ struct protected_ike_sa_t {
logger_t *(*get_logger) (protected_ike_sa_t *this);
/**
* Gets the internal stored init_config_t object.
*
* Returned value has to get checked for NULL value!
* @brief Get the internal stored init_config_t object.
*
* @param this calling object
* @return pointer to the internal stored init_config_t object
@ -175,7 +190,7 @@ struct protected_ike_sa_t {
init_config_t *(*get_init_config) (protected_ike_sa_t *this);
/**
* Sets the internal init_config_t object.
* @brief Set the internal init_config_t object.
*
* @param this calling object
* @param init_config object of type init_config_t
@ -183,9 +198,7 @@ struct protected_ike_sa_t {
void (*set_init_config) (protected_ike_sa_t *this,init_config_t *init_config);
/**
* Gets the internal stored sa_config_t object.
*
* Returned value has to get checked for NULL value!
* @brief Get the internal stored sa_config_t object.
*
* @param this calling object
* @return pointer to the internal stored sa_config_t object
@ -193,7 +206,7 @@ struct protected_ike_sa_t {
sa_config_t *(*get_sa_config) (protected_ike_sa_t *this);
/**
* Sets the internal sa_config_t object.
* @brief Set the internal sa_config_t object.
*
* @param this calling object
* @param sa_config object of type sa_config_t
@ -201,7 +214,7 @@ struct protected_ike_sa_t {
void (*set_sa_config) (protected_ike_sa_t *this,sa_config_t *sa_config);
/**
* Gets the internal stored host_t object for my host.
* @brief Get the internal stored host_t object for my host.
*
* @param this calling object
* @return pointer to the internal stored host_t object
@ -209,7 +222,7 @@ struct protected_ike_sa_t {
host_t *(*get_my_host) (protected_ike_sa_t *this);
/**
* Gets the internal stored host_t object for other host.
* @brief Get the internal stored host_t object for other host.
*
* @param this calling object
* @return pointer to the internal stored host_t object
@ -217,7 +230,7 @@ struct protected_ike_sa_t {
host_t *(*get_other_host) (protected_ike_sa_t *this);
/**
* Sets the internal stored host_t object for my host.
* @brief Set the internal stored host_t object for my host.
*
* Allready existing object gets destroyed. object gets not cloned!
*
@ -227,7 +240,7 @@ struct protected_ike_sa_t {
void (*set_my_host) (protected_ike_sa_t *this,host_t * my_host);
/**
* Sets the internal stored host_t object for other host.
* @brief Set the internal stored host_t object for other host.
*
* Allready existing object gets destroyed. object gets not cloned!
*
@ -237,8 +250,8 @@ struct protected_ike_sa_t {
void (*set_other_host) (protected_ike_sa_t *this,host_t *other_host);
/**
* Creates all needed transform objects for given ike_sa_t using
* the informations stored in a ike_proposal_t object
* @brief Create all needed transform objects for this IKE_SA using
* the informations stored in a ike_proposal_t object.
*
* Allready existing objects get destroyed.
*
@ -249,11 +262,11 @@ struct protected_ike_sa_t {
status_t (*create_transforms_from_proposal) (protected_ike_sa_t *this,ike_proposal_t * proposal);
/**
* Sends the next request message.
* @brief Send the next request message.
*
* Also the first retransmit job is created.
*
* Stored requested message gets destroyed. object gets not cloned!
* Last stored requested message gets destroyed. Object gets not cloned!
*
* @param this calling object
* @param message pointer to the message which should be sent
@ -264,9 +277,9 @@ struct protected_ike_sa_t {
status_t (*send_request) (protected_ike_sa_t *this,message_t * message);
/**
* Sends the next response message.
* @brief Send the next response message.
*
* Stored responded message gets destroyed. object gets not cloned!
* Last stored responded message gets destroyed. Object gets not cloned!
*
* @param this calling object
* @param message pointer to the message which should be sent
@ -277,7 +290,7 @@ struct protected_ike_sa_t {
status_t (*send_response) (protected_ike_sa_t *this,message_t * message);
/**
* Gets the internal stored randomizer_t object.
* @brief Get the internal stored randomizer_t object.
*
* @param this calling object
* @return pointer to the internal randomizer_t object
@ -285,10 +298,10 @@ struct protected_ike_sa_t {
randomizer_t *(*get_randomizer) (protected_ike_sa_t *this);
/**
* Sets the new state_t object of the IKE_SA object.
* @brief Set the new state_t object of the IKE_SA object.
*
* The old state_t object gets not destroyed. It's the callers duty to
* make sure old state is destroyed (Normally the old state is the caller ).
* make sure old state is destroyed (Normally the old state is the caller).
*
* @param this calling object
* @param state pointer to the new state_t object
@ -296,7 +309,7 @@ struct protected_ike_sa_t {
void (*set_new_state) (protected_ike_sa_t *this,state_t *state);
/**
* Sets the last replied message id.
* @brief Set the last replied message id.
*
* @param this calling object
* @param message_id message id
@ -304,7 +317,7 @@ struct protected_ike_sa_t {
void (*set_last_replied_message_id) (protected_ike_sa_t *this,u_int32_t message_id);
/**
* Gets the internal stored initiator crypter_t object.
* @brief Get the internal stored initiator crypter_t object.
*
* @param this calling object
* @return pointer to crypter_t object
@ -312,7 +325,7 @@ struct protected_ike_sa_t {
crypter_t *(*get_crypter_initiator) (protected_ike_sa_t *this);
/**
* Gets the internal stored initiator signer object.
* @brief Get the internal stored initiator signer_t object.
*
* @param this calling object
* @return pointer to signer_t object
@ -320,7 +333,7 @@ struct protected_ike_sa_t {
signer_t *(*get_signer_initiator) (protected_ike_sa_t *this);
/**
* Gets the internal stored responder crypter_t object.
* @brief Get the internal stored responder crypter_t object.
*
* @param this calling object
* @return pointer to crypter_t object
@ -328,7 +341,7 @@ struct protected_ike_sa_t {
crypter_t *(*get_crypter_responder) (protected_ike_sa_t *this);
/**
* Gets the internal stored responder signer object.
* @brief Get the internal stored responder signer object.
*
* @param this calling object
* @return pointer to signer_t object
@ -336,7 +349,7 @@ struct protected_ike_sa_t {
signer_t *(*get_signer_responder) (protected_ike_sa_t *this);
/**
* Gets the internal stored prf_t object.
* @brief Get the internal stored prf_t object.
*
* @param this calling object
* @return pointer to prf_t object
@ -344,7 +357,7 @@ struct protected_ike_sa_t {
prf_t *(*get_prf) (protected_ike_sa_t *this);
/**
* Gets the last responded message.
* @brief Get the last responded message.
*
* @param this calling object
* @return
@ -354,7 +367,7 @@ struct protected_ike_sa_t {
message_t *(*get_last_responded_message) (protected_ike_sa_t *this);
/**
* Gets the last requested message.
* @brief Get the last requested message.
*
* @param this calling object
* @return
@ -364,7 +377,7 @@ struct protected_ike_sa_t {
message_t *(*get_last_requested_message) (protected_ike_sa_t *this);
/**
* Gets the Shared key SK_pr.
* @brief Get the Shared key SK_pr.
*
* Returned value is not cloned!
*
@ -374,25 +387,24 @@ struct protected_ike_sa_t {
chunk_t (*get_key_pr) (protected_ike_sa_t *this);
/**
* Gets the Shared key SK_pi.
* @brief Get the Shared key SK_pi.
*
* Returned value is not cloned!
*
* @param this calling object
* @return SK_pr key
* @return SK_pi key
*/
chunk_t (*get_key_pi) (protected_ike_sa_t *this);
/**
* Resets message id counters and does destroy stored received and sent messages.
* @brief Resets message counters and does destroy stored received and sent messages.
*
* @param this calling object
*/
void (*reset_message_buffers) (protected_ike_sa_t *this);
/**
* Creates a job of type DELETE_ESTABLISHED_IKE_SA for the current IKE_SA.
*
* @brief Creates a job of type DELETE_ESTABLISHED_IKE_SA for the current IKE_SA.
*
* @param this calling object
* @param timeout timeout after the IKE_SA gets deleted
@ -402,17 +414,15 @@ struct protected_ike_sa_t {
};
/**
* Creates an ike_sa_t object with a specific ike_sa_id_t object
* @brief Creates an ike_sa_t object with a specific ID.
*
* @warning the Content of internal ike_sa_id_t object can change over time
* e.g. when a IKE_SA_INIT has been finished.
*
* @param[in] ike_sa_id ike_sa_id_t object to associate with new IKE_SA.
* The object is internal getting cloned
* and so has to be destroyed by the caller.
*
* @warning the Content of internal ike_sa_id_t object can change over time
* e.g. when a IKE_SA_INIT has been finished.
*
* @return ike_sa_t object
*
* @ingroup sa

86
Source/charon/sa/ike_sa_manager.c
View File

@ -39,41 +39,48 @@ typedef struct ike_sa_entry_t ike_sa_entry_t;
*/
struct ike_sa_entry_t {
/**
* destructor, also destroys ike_sa
* Destructor, also destroys associated ike_sa_t object.
*/
status_t (*destroy) (ike_sa_entry_t *this);
/**
* Number of threads waiting for this ike_sa
* Number of threads waiting for this ike_sa_t object.
*/
int waiting_threads;
/**
* condvar where threads can wait until it's free again
* Condvar where threads can wait until ike_sa_t object is free for use again.
*/
pthread_cond_t condvar;
/**
* is this ike_sa currently checked out?
* Is this ike_sa currently checked out?
*/
bool checked_out;
/**
* Does this SA drives out new threads?
*/
bool driveout_new_threads;
/**
* Does this SA drives out waiting threads?
*/
bool driveout_waiting_threads;
/**
* identifiaction of ike_sa (SPIs)
* Identifiaction of an IKE_SA (SPIs).
*/
ike_sa_id_t *ike_sa_id;
/**
* the contained ike_sa
* The contained ike_sa_t object.
*/
ike_sa_t *ike_sa;
};
/**
* Implements ike_sa_entry_t.destroy.
* Implementation of ike_sa_entry_t.destroy.
*/
static status_t ike_sa_entry_destroy(ike_sa_entry_t *this)
{
@ -85,12 +92,12 @@ static status_t ike_sa_entry_destroy(ike_sa_entry_t *this)
}
/**
* @brief creates a new entry for the ike_sa list
* @brief Creates a new entry for the ike_sa_t list.
*
* This constructor additionaly creates a new and empty SA.
*
* @param ike_sa_id the associated ike_sa_id_t, will be cloned
* @return created entry, with ike_sa and ike_sa_id
* @param ike_sa_id The associated ike_sa_id_t, will be cloned
* @return ike_sa_entry_t object
*/
static ike_sa_entry_t *ike_sa_entry_create(ike_sa_id_t *ike_sa_id)
{
@ -116,36 +123,37 @@ static ike_sa_entry_t *ike_sa_entry_create(ike_sa_id_t *ike_sa_id)
return this;
}
typedef struct private_ike_sa_manager_t private_ike_sa_manager_t;
/**
* Additional private members to ike_sa_manager_t
* Additional private members of ike_sa_manager_t.
*/
struct private_ike_sa_manager_t {
/**
* Public members
* Public interface of ike_sa_manager_t.
*/
ike_sa_manager_t public;
/**
* @brief get next spi
*
* we give out SPIs incremental.
* @brief Get next spi.
*
* We give out SPIs incremental starting at 1.
*
* @param this the ike_sa_manager
* @return the next spi
*/
u_int64_t (*get_next_spi) (private_ike_sa_manager_t *this);
/**
* @brief find the ike_sa_entry in the list by SPIs.
* @brief Find the ike_sa_entry_t object in the list by SPIs.
*
* This function simply iterates over the linked list. A hash-table
* would be more efficient when storing a lot of IKE_SAs...
*
* @param this the ike_sa_manager containing the list
* @param this calling object
* @param ike_sa_id id of the ike_sa, containing SPIs
* @param entry[out] pointer to set to the found entry
* @param[out] entry pointer to set to the found entry
* @return
* - SUCCESS when found,
* - NOT_FOUND when no such ike_sa_id in list
@ -153,14 +161,14 @@ struct private_ike_sa_manager_t {
status_t (*get_entry_by_id) (private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id, ike_sa_entry_t **entry);
/**
* @brief find the ike_sa_entry in the list by pointer to SA.
* @brief Find the ike_sa_entry_t in the list by pointer to SA.
*
* This function simply iterates over the linked list. A hash-table
* would be more efficient when storing a lot of IKE_SAs...
*
* @param this the ike_sa_manager containing the list
* @param ike_sa pointer to the ike_sa
* @param entry[out] pointer to set to the found entry
* @param this calling object
* @param ike_sa pointer to the ike_sa
* @param[out] entry pointer to set to the found entry
* @return
* - SUCCESS when found,
* - NOT_FOUND when no such ike_sa_id in list
@ -168,9 +176,9 @@ struct private_ike_sa_manager_t {
status_t (*get_entry_by_sa) (private_ike_sa_manager_t *this, ike_sa_t *ike_sa, ike_sa_entry_t **entry);
/**
* @brief delete an entry from the linked list
* @brief Felete an entry from the linked list.
*
* @param this the ike_sa_manager containing the list
* @param this calling object
* @param entry entry to delete
* @return
* - SUCCESS when found,
@ -179,28 +187,28 @@ struct private_ike_sa_manager_t {
status_t (*delete_entry) (private_ike_sa_manager_t *this, ike_sa_entry_t *entry);
/**
* lock for exclusivly accessing the manager
* Lock for exclusivly accessing the manager.
*/
pthread_mutex_t mutex;
/**
* Logger used for this IKE SA Manager
* Logger used for this IKE SA Manager.
*/
logger_t *logger;
/**
* Linked list with entries for the ike_sa
* Linked list with entries for the ike_sa_t objects.
*/
linked_list_t *ike_sa_list;
/**
* Next SPI, needed for incremental creation of SPIs
* Next SPI, needed for incremental creation of SPIs.
*/
u_int64_t next_spi;
};
/**
* Implements private_ike_sa_manager_t.get_entry_by_id.
* Implementation of private_ike_sa_manager_t.get_entry_by_id.
*/
static status_t get_entry_by_id(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id, ike_sa_entry_t **entry)
{
@ -256,7 +264,7 @@ static status_t get_entry_by_id(private_ike_sa_manager_t *this, ike_sa_id_t *ike
}
/**
* Implements private_ike_sa_manager_t.get_entry_by_sa.
* Implementation of private_ike_sa_manager_t.get_entry_by_sa.
*/
static status_t get_entry_by_sa(private_ike_sa_manager_t *this, ike_sa_t *ike_sa, ike_sa_entry_t **entry)
{
@ -288,7 +296,7 @@ static status_t get_entry_by_sa(private_ike_sa_manager_t *this, ike_sa_t *ike_sa
}
/**
* Implements private_ike_sa_manager_s.delete_entry.
* Implementation of private_ike_sa_manager_s.delete_entry.
*/
static status_t delete_entry(private_ike_sa_manager_t *this, ike_sa_entry_t *entry)
{
@ -319,7 +327,7 @@ static status_t delete_entry(private_ike_sa_manager_t *this, ike_sa_entry_t *ent
/**
* Implements private_ike_sa_manager_t.get_next_spi.
* Implementation of private_ike_sa_manager_t.get_next_spi.
*/
static u_int64_t get_next_spi(private_ike_sa_manager_t *this)
{
@ -333,7 +341,7 @@ static u_int64_t get_next_spi(private_ike_sa_manager_t *this)
}
/**
* Implementation of ike_sa_manager.create_and_checkout.
* Implementation of of ike_sa_manager.create_and_checkout.
*/
static void create_and_checkout(private_ike_sa_manager_t *this,ike_sa_t **ike_sa)
{
@ -363,7 +371,7 @@ static void create_and_checkout(private_ike_sa_manager_t *this,ike_sa_t **ike_sa
}
/**
* Implementation of ike_sa_manager.checkout.
* Implementation of of ike_sa_manager.checkout.
*/
static status_t checkout(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id, ike_sa_t **ike_sa)
{
@ -482,7 +490,7 @@ static status_t checkout(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id,
}
/**
* Implements ike_sa_manager_t.checkin.
* Implementation of ike_sa_manager_t.checkin.
*/
static status_t checkin(private_ike_sa_manager_t *this, ike_sa_t *ike_sa)
{
@ -519,7 +527,7 @@ static status_t checkin(private_ike_sa_manager_t *this, ike_sa_t *ike_sa)
/**
* Implements ike_sa_manager_t.checkin_and_delete.
* Implementation of ike_sa_manager_t.checkin_and_delete.
*/
static status_t checkin_and_delete(private_ike_sa_manager_t *this, ike_sa_t *ike_sa)
{
@ -564,7 +572,7 @@ static status_t checkin_and_delete(private_ike_sa_manager_t *this, ike_sa_t *ike
}
/**
* Implements ike_sa_manager_t.delete.
* Implementation of ike_sa_manager_t.delete.
*/
static status_t delete(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id)
{
@ -607,7 +615,7 @@ static status_t delete(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id)
}
/**
* Implements ike_sa_manager_t.destroy.
* Implementation of ike_sa_manager_t.destroy.
*/
static void destroy(private_ike_sa_manager_t *this)
{
@ -666,7 +674,7 @@ static void destroy(private_ike_sa_manager_t *this)
}
/*
* Described in header
* Described in header.
*/
ike_sa_manager_t *ike_sa_manager_create()
{

31
Source/charon/sa/ike_sa_manager.h
View File

@ -20,8 +20,8 @@
* for more details.
*/
#ifndef IKE_SA_MANAGER_H_
#define IKE_SA_MANAGER_H_
#ifndef _IKE_SA_MANAGER_H_
#define _IKE_SA_MANAGER_H_
#include <types.h>
#include <sa/ike_sa.h>
@ -30,7 +30,7 @@
typedef struct ike_sa_manager_t ike_sa_manager_t;
/**
* @brief The IKE_SA-Manager manages the IKE_SAs ;-).
* @brief The IKE_SA-Manager is responsible for managing all initiated and responded IKE_SA's.
*
* To avoid access from multiple threads, IKE_SAs must be checked out from
* the manager, and checked in after usage.
@ -39,6 +39,8 @@ typedef struct ike_sa_manager_t ike_sa_manager_t;
* @todo checking of double-checkouts from the same threads would be nice.
* This could be done by comparing thread-ids via pthread_self()...
*
* @todo Managing of ike_sa_t objects in a hash table instead of linked list.
*
* @b Constructors:
* - ike_sa_manager_create()
*
@ -46,7 +48,7 @@ typedef struct ike_sa_manager_t ike_sa_manager_t;
*/
struct ike_sa_manager_t {
/**
* @brief Checkout an IKE_SA, create it when necesarry
* @brief Checkout an IKE_SA, create it when necesarry.
*
* Checks out a SA by its ID. An SA will be created, when:
* - Responder SPI is not set (when received an IKE_SA_INIT from initiator)
@ -69,19 +71,16 @@ struct ike_sa_manager_t {
/**
* @brief Create and checkout an IKE_SA as original initator.
*
* Creates and checks out a SA as initiator. An SA will be created, when:
* Creates and checks out a SA as initiator.
* Management of SPIs is the managers job, he will set it.
*
* @warning checking out two times without checking in will
* result in a deadlock!
*
* @param ike_sa_manager the manager object
* @param ike_sa[out] checked out SA
*/
void (*create_and_checkout) (ike_sa_manager_t* ike_sa_manager,ike_sa_t **ike_sa);
/**
* @brief Checkin the SA after usage
* @brief Checkin the SA after usage.
*
* @warning the SA pointer MUST NOT be used after checkin!
* The SA must be checked out again!
@ -95,7 +94,7 @@ struct ike_sa_manager_t {
*/
status_t (*checkin) (ike_sa_manager_t* ike_sa_manager, ike_sa_t *ike_sa);
/**
* @brief delete a SA, wich was not checked out
* @brief Delete a SA, which was not checked out.
*
* @warning do not use this when the SA is already checked out, this will
* deadlock!
@ -109,7 +108,7 @@ struct ike_sa_manager_t {
status_t (*delete) (ike_sa_manager_t* ike_sa_manager, ike_sa_id_t *ike_sa_id);
/**
* @brief delete a checked out SA
* @brief Delete a checked out SA.
*
* @param ike_sa_manager the manager object
* @param ike_sa SA to delete
@ -120,9 +119,9 @@ struct ike_sa_manager_t {
status_t (*checkin_and_delete) (ike_sa_manager_t* ike_sa_manager, ike_sa_t *ike_sa);
/**
* @brief Destroys the manager with all associated SAs
* @brief Destroys the manager with all associated SAs.
*
* Threads will be driven out, so all SAs can be deleted cleanly
* Threads will be driven out, so all SAs can be deleted cleanly.
*
* @param ike_sa_manager the manager object
*/
@ -130,12 +129,12 @@ struct ike_sa_manager_t {
};
/**
* @brief Create a manager
* @brief Create a manager.
*
* @returns ike_sa_manager_t object
* @returns ike_sa_manager_t object
*
* @ingroup sa
*/
ike_sa_manager_t *ike_sa_manager_create();
#endif /*IKE_SA_MANAGER_H_*/
#endif /*_IKE_SA_MANAGER_H_*/

4
Source/charon/utils/logger.c
View File

@ -97,6 +97,10 @@ static void prepend_prefix(private_logger_t *this, logger_level_t loglevel, char
{
log_type = '?';
}
else if (loglevel & AUDIT)
{
log_type = '>';
}
else
{
log_type = '-';