cleaned code
This commit is contained in:
parent
1b3f92d28d
commit
56aeee4936
@ -182,16 +182,16 @@ static void load_default_config (private_configuration_manager_t *this)
|
|||
init_config3->add_proposal(init_config3,1,proposals[0]);
|
||||
init_config3->add_proposal(init_config3,1,proposals[1]);
|
||||
|
||||
sa_config1 = sa_config_create(ID_IPV4_ADDR, "152.96.193.130",
|
||||
ID_IPV4_ADDR, "152.96.193.131",
|
||||
RSA_DIGITAL_SIGNATURE);
|
||||
sa_config1 = sa_config_create(ID_IPV4_ADDR, "152.96.193.131",
|
||||
ID_IPV4_ADDR, "152.96.193.130",
|
||||
SHARED_KEY_MESSAGE_INTEGRITY_CODE);
|
||||
|
||||
sa_config1->add_traffic_selector_initiator(sa_config1,ts);
|
||||
sa_config1->add_traffic_selector_responder(sa_config1,ts);
|
||||
|
||||
sa_config2 = sa_config_create(ID_IPV4_ADDR, "152.96.193.130",
|
||||
ID_IPV4_ADDR, "152.96.193.131",
|
||||
RSA_DIGITAL_SIGNATURE);
|
||||
SHARED_KEY_MESSAGE_INTEGRITY_CODE);
|
||||
|
||||
sa_config2->add_traffic_selector_initiator(sa_config2,ts);
|
||||
sa_config2->add_traffic_selector_responder(sa_config2,ts);
|
||||
|
|
|
@ -404,6 +404,7 @@ sa_config_t *sa_config_create(id_type_t my_id_type, char *my_id, id_type_t other
|
|||
this->proposals = linked_list_create();
|
||||
this->ts_initiator = linked_list_create();
|
||||
this->ts_responder = linked_list_create();
|
||||
this->auth_method = auth_method;
|
||||
|
||||
return (&this->public);
|
||||
}
|
||||
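Review bot: The new assignment `this->auth_method = auth_method;` stores the parameter without any check, and the parameter's type is cut off in the hunk header, so a reader cannot tell which values are legal; a one-line comment naming the accepted constants would help, e.g. `/* authentication method for this SA; expected to be one of the auth method constants (e.g. RSA_DIGITAL_SIGNATURE, SHARED_KEY_MESSAGE_INTEGRITY_CODE) */`. The three `linked_list_create()` results above it are also stored unchecked; if that constructor can fail, a NULL should be handled before `return (&this->public);`. sa_config_create starts outside the hunk.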
|
|
|
@ -159,7 +159,7 @@ static void build_test_jobs(private_daemon_t *this)
|
|||
for(i = 0; i<1; i++)
|
||||
{
|
||||
initiate_ike_sa_job_t *initiate_job;
|
||||
initiate_job = initiate_ike_sa_job_create("localhost");
|
||||
initiate_job = initiate_ike_sa_job_create("pinflb30");
|
||||
this->public.job_queue->add(this->public.job_queue, (job_t*)initiate_job);
|
||||
}
|
||||
}
|
||||
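Review bot: The `for(i = 0; i<1; i++)` loop around the job creation runs exactly once, so it is dead scaffolding that hides a single hard-coded configuration name, now `"pinflb30"`; either drop the loop or iterate over a small array of names so the loop means something. The job returned by `initiate_ike_sa_job_create` is queued without a NULL check; if the constructor can fail on allocation, that should be handled before the `add` call. build_test_jobs starts outside the hunk.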
|
|
|
@ -54,7 +54,7 @@
|
|||
* Port on which the daemon will
|
||||
* listen for incoming traffic
|
||||
*/
|
||||
#define IKEV2_UDP_PORT 4500
|
||||
#define IKEV2_UDP_PORT 500
|
||||
|
||||
/**
|
||||
* Default loglevel to use. This is the
|
||||
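Review bot: The comment above `#define IKEV2_UDP_PORT 500` still only says "listen for incoming traffic", yet the switch from 4500 to 500 changes which IKE port the daemon serves (500 is the standard IKE port, 4500 the NAT traversal port), so the comment should say which role this constant covers, e.g. `* listen for incoming IKE traffic (UDP 500; NAT-T on 4500 is a separate concern)`. If both ports are meant to be handled later, a second named constant would be clearer than re-purposing this one.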
|
|
|
@ -155,6 +155,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
|
|||
{
|
||||
ike_auth_requested_t *next_state;
|
||||
exchange_type_t exchange_type;
|
||||
init_config_t *init_config;
|
||||
u_int64_t responder_spi;
|
||||
ike_sa_id_t *ike_sa_id;
|
||||
iterator_t *payloads;
|
||||
|
@ -190,10 +191,13 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
|
|||
return status;
|
||||
}
|
||||
|
||||
/* get configuration */
|
||||
init_config = this->ike_sa->get_init_config(this->ike_sa);
|
||||
|
||||
|
||||
if (responder_spi == 0)
|
||||
{
|
||||
this->logger->log(this->logger, ERROR | MORE, "Responder SPI still zero.");
|
||||
this->logger->log(this->logger, ERROR | MORE, "Responder SPI still zero");
|
||||
return FAILED;
|
||||
}
|
||||
/* because I am original initiator i have to update the responder SPI to the new one */
|
||||
|
@ -207,7 +211,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
|
|||
*/
|
||||
payloads = ike_sa_init_reply->get_payload_iterator(ike_sa_init_reply);
|
||||
while (payloads->has_next(payloads))
|
||||
{
|
||||
{
|
||||
payload_t *payload;
|
||||
payloads->current(payloads, (void**)&payload);
|
||||
|
||||
|
@ -220,9 +224,9 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
|
|||
ike_proposal_t *ike_proposals;
|
||||
ike_proposal_t selected_proposal;
|
||||
size_t proposal_count;
|
||||
init_config_t *init_config;
|
||||
|
||||
|
||||
/* get the list of suggested proposals */
|
||||
/* get the list of selected proposals */
|
||||
status = sa_payload->get_ike_proposals (sa_payload, &ike_proposals,&proposal_count);
|
||||
if (status != SUCCESS)
|
||||
{
|
||||
|
@ -230,24 +234,22 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
|
|||
payloads->destroy(payloads);
|
||||
return status;
|
||||
}
|
||||
|
||||
/* the peer has to select only one proposal */
|
||||
if (proposal_count != 1)
|
||||
{
|
||||
this->logger->log(this->logger, ERROR | MORE, "More then one proposal selected!");
|
||||
this->logger->log(this->logger, ERROR | MORE, "More then 1 proposal (%d) selected!",proposal_count);
|
||||
allocator_free(ike_proposals);
|
||||
payloads->destroy(payloads);
|
||||
return status;
|
||||
}
|
||||
|
||||
/* now let the configuration-manager check the selected proposals*/
|
||||
this->logger->log(this->logger, CONTROL | MOST, "Check suggested proposals");
|
||||
init_config = this->ike_sa->get_init_config(this->ike_sa);
|
||||
|
||||
this->logger->log(this->logger, CONTROL | MOST, "Check selected proposal");
|
||||
status = init_config->select_proposal (init_config,ike_proposals,1,&selected_proposal);
|
||||
allocator_free(ike_proposals);
|
||||
if (status != SUCCESS)
|
||||
{
|
||||
this->logger->log(this->logger, ERROR | MORE, "Selected proposal not a suggested one!");
|
||||
this->logger->log(this->logger, ERROR | MORE, "Selected proposal not a suggested one! Peer is trying to trick me!");
|
||||
payloads->destroy(payloads);
|
||||
return status;
|
||||
}
|
||||
|
@ -265,17 +267,16 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
|
|||
case KEY_EXCHANGE:
|
||||
{
|
||||
ke_payload_t *ke_payload = (ke_payload_t*)payload;
|
||||
|
||||
this->diffie_hellman->set_other_public_value(this->diffie_hellman, ke_payload->get_key_exchange_data(ke_payload));
|
||||
|
||||
this->diffie_hellman->set_other_public_value(this->diffie_hellman, ke_payload->get_key_exchange_data(ke_payload));
|
||||
/* shared secret is computed AFTER processing of all payloads... */
|
||||
break;
|
||||
}
|
||||
case NONCE:
|
||||
{
|
||||
nonce_payload_t *nonce_payload = (nonce_payload_t*)payload;
|
||||
nonce_payload_t *nonce_payload = (nonce_payload_t*)payload;
|
||||
|
||||
allocator_free(this->received_nonce.ptr);
|
||||
|
||||
this->received_nonce = CHUNK_INITIALIZER;
|
||||
|
||||
nonce_payload->get_nonce(nonce_payload, &(this->received_nonce));
|
||||
|
@ -283,7 +284,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
|
|||
}
|
||||
default:
|
||||
{
|
||||
this->logger->log(this->logger, ERROR, "Payload type not supported!!!!");
|
||||
this->logger->log(this->logger, ERROR, "Payload type %s not supported in state ike_sa_init_requested!", mapping_find(payload_type_m, payload->get_type(payload)));
|
||||
payloads->destroy(payloads);
|
||||
return FAILED;
|
||||
}
|
||||
|
@ -296,25 +297,28 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
|
|||
allocator_free(this->shared_secret.ptr);
|
||||
this->shared_secret = CHUNK_INITIALIZER;
|
||||
|
||||
/* store shared secret */
|
||||
/* store shared secret
|
||||
* status of dh objectt does not have to get checked cause other key is set
|
||||
*/
|
||||
this->logger->log(this->logger, CONTROL | MOST, "Retrieve shared secret and store it");
|
||||
status = this->diffie_hellman->get_shared_secret(this->diffie_hellman, &(this->shared_secret));
|
||||
this->logger->log_chunk(this->logger, PRIVATE, "Shared secret", &this->shared_secret);
|
||||
|
||||
|
||||
this->logger->log(this->logger, CONTROL | MOST, "Going to derive all secrets from shared secret");
|
||||
this->ike_sa->compute_secrets(this->ike_sa,this->shared_secret,this->sent_nonce, this->received_nonce);
|
||||
|
||||
/* build the complete IKE_AUTH request */
|
||||
this->build_ike_auth_request (this,&request);
|
||||
|
||||
/* generate packet */
|
||||
this->logger->log(this->logger, CONTROL|MOST, "generate packet from message");
|
||||
this->logger->log(this->logger, CONTROL|MOST, "Generate packet from message");
|
||||
|
||||
status = request->generate(request, this->ike_sa->get_crypter_initiator(this->ike_sa), this->ike_sa->get_signer_initiator(this->ike_sa), &packet);
|
||||
if (status != SUCCESS)
|
||||
{
|
||||
this->logger->log(this->logger, ERROR, "could not generate packet from message");
|
||||
this->logger->log(this->logger, ERROR, "Could not generate packet from message");
|
||||
request->destroy(request);
|
||||
return status;
|
||||
return DELETE_ME;
|
||||
}
|
||||
|
||||
this->logger->log(this->logger, CONTROL|MOST, "Add packet to global send queue");
|
||||
|
@ -332,7 +336,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
|
|||
this->logger->log(this->logger, ERROR, "Could not set last requested message");
|
||||
(next_state->state_interface).destroy(&(next_state->state_interface));
|
||||
request->destroy(request);
|
||||
return status;
|
||||
return DELETE_ME;
|
||||
}
|
||||
|
||||
/* state can now be changed */
|
||||
|
@ -343,7 +347,6 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
|
|||
|
||||
this->logger->log(this->logger, CONTROL|MOST, "Destroy old sate object");
|
||||
this->destroy_after_state_change(this);
|
||||
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
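Review bot: In the `proposal_count != 1` branch (the `@@ -230,24 +234,22 @@` hunk) `return status;` returns SUCCESS, because the only assignment to `status` before it is the `get_ike_proposals` call that the preceding check already proved succeeded; the caller will then treat a reply carrying the wrong number of proposals as processed, after `ike_proposals` was freed and `payloads` destroyed. It should return an explicit error, `return DELETE_ME;`, consistent with the other error exits this commit converts to DELETE_ME, or at least `return FAILED;`. The new log line `"More then 1 proposal (%d) selected!",proposal_count` also passes a `size_t` to `%d`; if the logger forwards to vprintf that is a format mismatch, so `(int)proposal_count` or a `%zu` conversion would be safer. process_message starts and ends outside the hunks shown.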
|
|
|
@ -214,11 +214,19 @@ static void process_incoming_packet_job(private_thread_pool_t *this, incoming_pa
|
|||
ike_sa_id->get_responder_spi(ike_sa_id),
|
||||
ike_sa_id->is_initiator(ike_sa_id) ? "initiator" : "responder");
|
||||
ike_sa_id->destroy(ike_sa_id);
|
||||
|
||||
status = charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
|
||||
|
||||
if (status == DELETE_ME)
|
||||
{
|
||||
status = charon->ike_sa_manager->checkin_and_delete(charon->ike_sa_manager, ike_sa);
|
||||
}
|
||||
else
|
||||
{
|
||||
status = charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
|
||||
}
|
||||
|
||||
if (status != SUCCESS)
|
||||
{
|
||||
this->worker_logger->log(this->worker_logger, ERROR, "checkin of IKE SA failed");
|
||||
this->worker_logger->log(this->worker_logger, ERROR, "checkin of IKE SA failed!");
|
||||
}
|
||||
message->destroy(message);
|
||||
}
|
||||
|
@ -247,7 +255,7 @@ static void process_initiate_ike_sa_job(private_thread_pool_t *this, initiate_ik
|
|||
status = ike_sa->initialize_connection(ike_sa, job->get_configuration_name(job));
|
||||
if (status != SUCCESS)
|
||||
{
|
||||
this->worker_logger->log(this->worker_logger, ERROR, "%s by initialize_conection, job and rejected, IKE_SA deleted.",
|
||||
this->worker_logger->log(this->worker_logger, ERROR, "%s by initialize_conection, going to delete IKE_SA.",
|
||||
mapping_find(status_m, status));
|
||||
charon->ike_sa_manager->checkin_and_delete(charon->ike_sa_manager, ike_sa);
|
||||
return;
|
||||
|
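Review bot: In process_initiate_ike_sa_job the `checkin_and_delete` call after the initialize_connection failure discards its return value, while the same call in process_incoming_packet_job (the `@@ -214,11 +214,19 @@` hunk) assigns `status` and logs on failure; a failed delete here would leave the IKE_SA checked out silently. The two call sites should handle the result the same way, and the message still reads `initialize_conection`. Both functions start outside the hunks.
```c
    this->worker_logger->log(this->worker_logger, ERROR, "%s by initialize_conection, going to delete IKE_SA.",
                             mapping_find(status_m, status));
    status = charon->ike_sa_manager->checkin_and_delete(charon->ike_sa_manager, ike_sa);
    if (status != SUCCESS)
    {
        this->worker_logger->log(this->worker_logger, ERROR, "checkin_and_delete of IKE SA failed!");
    }
    return;
```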
|
|
@ -35,6 +35,7 @@ mapping_t status_m[] = {
|
|||
{PARSE_ERROR, "PARSE_ERROR"},
|
||||
{VERIFY_ERROR, "VERIFY_ERROR"},
|
||||
{INVALID_STATE, "INVALID_STATE"},
|
||||
{DELETE_ME, "DELETE_ME"},
|
||||
{MAPPING_END, NULL}
|
||||
};
|
||||
|
||||
|
|
|
@ -45,7 +45,8 @@ enum status_t {
|
|||
NOT_FOUND,
|
||||
PARSE_ERROR,
|
||||
VERIFY_ERROR,
|
||||
INVALID_STATE
|
||||
INVALID_STATE,
|
||||
DELETE_ME,
|
||||
};
|
||||
|
||||
extern mapping_t status_m[];
|
||||
|
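Review bot: The new enumerator `DELETE_ME` carries no comment explaining when a handler returns it, and its meaning is only recoverable from the thread_pool change in this same commit (checkin_and_delete instead of checkin); a short doc comment on the enumerator would make the contract explicit, e.g. `/** Processing finished, but the IKE_SA must be deleted by the caller instead of being checked in again. */`. The `status_m` table was updated in step in this commit; a comment on the enum noting that the two must stay in sync would help the next addition. The enum starts outside the hunk.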
|