00021 #ifndef IKE_SA_CONTROLLER_H
00022 #define IKE_SA_CONTROLLER_H
00023
00024 #ifdef HAVE_CONFIG_H
00025 #include "config.h"
00026 #endif
00027
00028 #include <deque>
00029
00030 #include "alarmable.h"
00031 #include "message.h"
00032 #include "ipaddress.h"
00033 #include "diffiehellman.h"
00034 #include "payload_nonce.h"
00035 #include "payload_ke.h"
00036 #include "payload_notify.h"
00037 #include "mutex.h"
00038 #include "keyring.h"
00039 #include "cipher.h"
00040 #include "childsa.h"
00041 #include "alarm.h"
00042 #include "id.h"
00043 #include "ikeconfiguration.h"
00044 #include "eapclientcontroller.h"
00045 #include "eapservercontroller.h"
00046 #include "attributemap.h"
00047 #include "payload_conf.h"
00048
00049 namespace openikev2 {
00050 typedef class Command;
00051
/**
 * Controller for a single IKE SA.
 *
 * Holds the SA's state-machine state, the identifiers exchanged with the peer
 * (SPIs, addresses, IDs, nonces, vendor IDs), the keying material derived for
 * it, the CHILD SAs it protects and the queues of Commands that drive it.
 * It derives from Alarmable, so Alarm expiries reach it through notifyAlarm().
 *
 * Ownership: members held by auto_ptr are owned by this object. auto_ptr's
 * copy transfers ownership, so every auto_ptr parameter below hands the
 * pointee over to the callee and every auto_ptr return hands it to the
 * caller. Raw-pointer members (the Command deques, the ChildSa maps) do not
 * express ownership in the type; see the per-member notes.
 *
 * Header hygiene: <deque> is the only standard header included directly, yet
 * string, map, vector and auto_ptr are used unqualified, so they arrive
 * through the project headers above. Include-what-you-use would make this
 * header self-contained.
 */
class IkeSaController : public Alarmable {
    friend class ThreadControllerImpl;
    friend class BusEventIkeSa;

public:
    /**
     * States of the IKE SA state machine. Names follow the IKEv2 exchanges
     * (IKE_SA_INIT, IKE_AUTH with and without EAP, CREATE_CHILD_SA,
     * INFORMATIONAL); the grouping below is inferred from the suffixes and
     * should be confirmed against the transitions in the .cpp.
     */
    enum IKE_SA_STATE {
        // Initial state and initiator-side states: a request was sent and
        // its response is awaited (inferred from the _SENT suffix).
        STATE_INITIAL,
        STATE_IKE_SA_INIT_SENT,
        STATE_IKE_AUTH_SENT,
        STATE_IKE_AUTH_EAP_INIT_SENT,
        STATE_IKE_AUTH_EAP_CONT_SENT,
        STATE_IKE_AUTH_EAP_FINISH_SENT,

        // Responder-side states: a request was received and is being handled
        // (inferred from the _RECV suffix).
        STATE_IKE_SA_INIT_RECV,
        STATE_IKE_AUTH_RECV,
        STATE_IKE_AUTH_EAP_INIT_RECV,
        STATE_IKE_AUTH_EAP_CONT_RECV,
        STATE_IKE_AUTH_EAP_SUCCESS,

        // Established SA and the exchanges that can run on top of it.
        STATE_IKE_SA_ESTABLISHED,
        STATE_NEW_CHILD_SA_SENT,
        STATE_REKEY_CHILD_SA_SENT,
        STATE_REKEY_IKE_SA_SENT,
        STATE_DELETE_CHILD_SA_SENT,
        STATE_DELETE_IKE_SA_SENT,
        STATE_INFORMATIONAL_SENT,
        STATE_REDUNDANT_CHILD_SA,
        STATE_REDUNDANT_IKE_SA,
        STATE_IKE_SA_DYING,
        // Sentinel equal to the number of states; keep it last. Not a valid
        // state value.
        STATE_MAX,
    };


protected:
    /// Current state of the state machine (see getState()/setState()).
    IKE_SA_STATE state;
    /// Per-SA IKE configuration, owned; exposed via getIkeConfiguration().
    auto_ptr<IkeConfiguration> ike_configuration;
    /// Per-SA IPsec configuration, owned.
    auto_ptr<IpsecConfiguration> ipsec_configuration;
    /// Commands waiting for processCommand(). Stored as raw pointers although
    /// pushCommand() receives them by auto_ptr, so this deque is presumably
    /// the owner and the destructor must free whatever is left — verify.
    deque<Command*> command_queue;
    /// Commands parked until the SA can handle them (pushDeferredCommand() /
    /// popDeferredCommand()). Same raw-pointer ownership caveat as above.
    deque<Command*> deferred_queue;
    /// Presumably set while a popped Command is being processed — confirm in
    /// processCommand().
    bool has_pending_command;
    /// Mutex for the command queues (by name; confirm which accesses lock it).
    auto_ptr<Mutex> mutex_command_queue;
    /// NOTIFY payloads collected by addResponseNotifyPayload() for inclusion
    /// in the next response.
    AutoVector<Payload_NOTIFY> response_notifies_to_be_included;
    /// Cipher for outgoing messages (owned).
    auto_ptr<Cipher> send_cipher;
    /// Cipher for incoming messages (owned).
    auto_ptr<Cipher> receive_cipher;
    /// PRF negotiated for this SA (owned).
    auto_ptr<PseudoRandomFunction> prf;
    /// Key material derived for this SA (owned).
    auto_ptr<KeyRing> key_ring;

    // NOTE(review): everything from here to the next access specifier is a
    // public data member, writable by any caller, not only by the friends
    // declared above. Invariants between these fields (e.g. SPIs, message
    // IDs, state) are therefore enforced only by convention.
public:
    /// Our IKE SPI for this SA (from the constructor).
    uint64_t my_spi;
    /// The peer's IKE SPI (learned during IKE_SA_INIT; see checkPeerIkeSpi()).
    uint64_t peer_spi;
    /// Local address (owned).
    auto_ptr<IpAddress> my_addr;
    /// Remote address (owned).
    auto_ptr<IpAddress> peer_addr;
    /// Message ID of our next/current request (presumably; confirm).
    /// In IKEv2 the message ID sequences requests and lets the receiver tell
    /// retransmissions and replays from new exchanges — see checkMessageId().
    uint32_t my_message_id;
    /// Message ID expected on the peer's next request (presumably; confirm).
    uint32_t peer_message_id;
    /// Whether we initiated this IKE SA (from the constructor).
    bool is_initiator;
    /// Whether we initiated the authentication (second constructor).
    bool is_auth_initiator;
    /// IKE_SA_INIT request retained after the exchange (owned). IKEv2 signs
    /// the IKE_SA_INIT octets in IKE_AUTH, which is presumably why both
    /// messages are kept — confirm.
    auto_ptr<Message> ike_sa_init_req;
    /// IKE_SA_INIT response retained after the exchange (owned).
    auto_ptr<Message> ike_sa_init_res;
    /// Last request we sent (owned); presumably what retransmitLastRequest()
    /// resends — confirm.
    auto_ptr<Message> last_sent_request;
    /// Last response we sent (owned); presumably what retransmitLastResponse()
    /// resends — confirm.
    auto_ptr<Message> last_sent_response;
    /// Retransmissions still allowed before the exchange is given up.
    uint32_t remaining_timeout_retries;
    /// Alarm driving request retransmission (owned; spelling kept as-is).
    auto_ptr<Alarm> retransmition_alarm;
    /// EAP peer-side controller when we authenticate with EAP (owned).
    auto_ptr<EapClientController> eap_client_controller;
    /// EAP authenticator-side controller when the peer uses EAP (owned).
    auto_ptr<EapServerController> eap_server_controller;
    /// Whether IKE_AUTH has not yet completed. halfopen_alarm presumably bounds
    /// how long an unauthenticated SA may hold resources — confirm in the
    /// alarm handlers.
    bool is_half_open;
    /// Our identity (owned).
    auto_ptr<ID> my_id;
    /// The peer's identity (owned).
    auto_ptr<ID> peer_id;
    /// Configuration attributes exchanged via CP payloads (owned).
    auto_ptr<AttributeMap> attributemap;
    /// Whether the peer advertised HTTP_CERT_LOOKUP_SUPPORTED (by name; confirm).
    bool peer_support_hash_url;
    /// CHILD SAs keyed by SPI, inbound direction. Raw pointers: whether this
    /// map owns the ChildSa objects is not visible here — verify in the
    /// destructor and in createChildSa().
    map<uint32_t, ChildSa*> child_sa_collection_inbound;
    /// CHILD SAs keyed by SPI, outbound direction (same ownership caveat).
    map<uint32_t, ChildSa*> child_sa_collection_outbound;
    /// CHILD SA we are currently negotiating (owned until installed).
    auto_ptr<ChildSa> my_creating_child_sa;
    /// CHILD SA the peer is currently negotiating (owned until installed).
    auto_ptr<ChildSa> peer_creating_child_sa;
    /// Alarm that triggers IKE SA rekeying (owned).
    auto_ptr<Alarm> rekey_ike_sa_alarm;
    /// Alarm bounding the half-open period (owned).
    auto_ptr<Alarm> halfopen_alarm;
    /// Our nonce for this SA (owned).
    auto_ptr<ByteArray> my_nonce;
    /// The peer's nonce for this SA (owned).
    auto_ptr<ByteArray> peer_nonce;
    /// Whether no exchange is in flight (by name; confirm).
    bool is_idle;
    /// Replacement IKE SA we are creating by rekey (owned until it takes over).
    auto_ptr<IkeSaController> my_creating_ike_sa;
    /// Replacement IKE SA the peer is creating by rekey (owned until it takes over).
    auto_ptr<IkeSaController> peer_creating_ike_sa;
    /// Whether the SA is being torn down (see STATE_IKE_SA_DYING).
    bool is_dying;
    /// Our vendor ID payload data (owned).
    auto_ptr<ByteArray> my_vendor_id;
    /// The peer's vendor ID payload data (owned).
    auto_ptr<ByteArray> peer_vendor_id;
    /// Diffie-Hellman exchange for this SA (owned).
    auto_ptr<DiffieHellman> dh;

protected:
    /**
     * Common initialisation shared by the two constructors (inferred from the
     * name and the overlap with their parameter lists — confirm in the .cpp).
     * Takes ownership of both addresses.
     */
    void base( uint64_t my_spi, bool is_initiator, auto_ptr<IpAddress> my_addr, auto_ptr<IpAddress> peer_addr );

    /**
     * Picks one of two controllers by nonce, presumably the one with the
     * lower nonce as IKEv2 uses to resolve simultaneous rekeys — confirm.
     * NOTE(review): both arguments are const& but the result is a non-const
     * reference to one of them, so constness is discarded inside; callers can
     * end up mutating a controller they passed as const.
     */
    static IkeSaController& hasMinNonce( const IkeSaController& ike_sa_controller1, const IkeSaController& ike_sa_controller2 );

    /**
     * Enqueues a Command, taking ownership.
     * @param priority presumably places it at the front of command_queue
     *        instead of the back — confirm.
     */
    void pushCommand( auto_ptr<Command> command, bool priority );

    /** Removes the next deferred Command and hands ownership to the caller. */
    auto_ptr<Command> popDeferredCommand();

    /** Removes the next Command from command_queue and hands ownership to the caller. */
    auto_ptr<Command> popCommand();

    /**
     * Checks the IKE SPI carried by a received message against this SA
     * (presumably peer_spi) — a received message must pass this before any
     * state is touched.
     * @return true when the SPI is acceptable (inferred from the name; confirm).
     */
    bool checkPeerIkeSpi( Message &message );

    /**
     * Checks the message ID of a received message against the expected one
     * (presumably peer_message_id for requests and my_message_id for
     * responses). This is the check IKEv2 relies on to distinguish
     * retransmissions and replays from new exchanges, so the exact rule
     * (equal only, or a window) should be confirmed in the .cpp.
     * @return true when the message may be processed (inferred; confirm).
     */
    bool checkMessageId( Message &message );

    /** Installs a newly negotiated CHILD SA, taking ownership. */
    void createChildSa( auto_ptr<ChildSa> child_sa );

    /** Copies SA status from @p other — presumably when a rekeyed IKE SA replaces this one; confirm. */
    void inheritIkeSaStatus( IkeSaController& other );

    /** Looks up a CHILD SA by SPI; presumably returns NULL when absent — confirm. */
    ChildSa* getChildSa( uint32_t spi );

    /** Returns the SA's current Proposal; the reference points into state owned elsewhere. */
    Proposal& getProposal() const;

    /** Replaces the SA's Proposal, taking ownership. */
    void setProposal( auto_ptr<Proposal> proposal );

    // IKE SA negotiation helpers shared by the IKE_SA_INIT and IKE SA rekey
    // paths. The second parameter is the controller being negotiated — this
    // object or the replacement SA in the rekey case (inferred; confirm).
    // Each returns the action to take with @p message.
    Enums::MESSAGE_ACTION createIkeSaNegotiationRequest( Message& message, IkeSaController & ike_sa_controller );
    Enums::MESSAGE_ACTION processIkeSaNegotiationResponse( Message& message, IkeSaController & ike_sa_controller );
    Enums::MESSAGE_ACTION processIkeSaNegotiationRequest( Message& message, IkeSaController & ike_sa_controller );
    Enums::MESSAGE_ACTION createIkeSaNegotiationResponse( Message& message, IkeSaController & ike_sa_controller );

    // CHILD SA negotiation helpers shared by the new-child and rekey-child
    // paths (inferred from the names; confirm).
    Enums::MESSAGE_ACTION createChildSaNegotiationRequest( Message& message );
    Enums::MESSAGE_ACTION processChildSaNegotiationResponse( Message& message );
    Enums::MESSAGE_ACTION processChildSaNegotiationRequest( Message& message );
    Enums::MESSAGE_ACTION createChildSaNegotiationResponse( Message& message );

public:
    /**
     * Constructs a controller for a new IKE SA that will also carry a first
     * CHILD SA. Takes ownership of every auto_ptr argument.
     * @param my_spi our IKE SPI
     * @param is_initiator whether we start the exchange
     * @param my_addr local address
     * @param peer_addr remote address
     * @param child_sa the CHILD SA to establish together with the IKE SA
     */
    IkeSaController( uint64_t my_spi, bool is_initiator, auto_ptr<IpAddress> my_addr, auto_ptr<IpAddress> peer_addr, auto_ptr<ChildSa> child_sa );

    /**
     * Constructs a controller from already known identities — presumably the
     * IKE SA rekey path, where the replacement SA inherits the authenticated
     * IDs of the old one (confirm). Takes ownership of every auto_ptr argument.
     * @param my_spi our IKE SPI
     * @param is_initiator whether we start the exchange
     * @param is_auth_initiator whether we initiated the original authentication
     * @param my_addr local address
     * @param peer_addr remote address
     * @param my_id our identity
     * @param peer_id the peer's identity
     */
    IkeSaController( uint64_t my_spi, bool is_initiator, bool is_auth_initiator, auto_ptr<IpAddress> my_addr, auto_ptr<IpAddress> peer_addr, auto_ptr<ID> my_id, auto_ptr<ID> peer_id );

    /** Returns a human-readable name for @p state. */
    static string IKE_SA_STATE_STR( IKE_SA_STATE state );

    /**
     * Processes the next queued Command.
     * @return presumably whether a Command was processed — confirm.
     */
    bool processCommand();

    /** Queues a NOTIFY payload for inclusion in the next response, taking ownership. */
    void addResponseNotifyPayload( auto_ptr<Payload_NOTIFY> payload_notify );

    /** Starts closing the SA. @return the action to take next. */
    Enums::MESSAGE_ACTION close();

    /** Sets the state-machine state. */
    void setState( IKE_SA_STATE state );

    /** Returns the state-machine state. */
    IKE_SA_STATE getState();

    /** Checks the queues for Commands that can be run (by name; confirm). */
    void checkForCommands();

    /** Parks a Command in deferred_queue, taking ownership. */
    void pushDeferredCommand( auto_ptr<Command> command );

    /**
     * Builds an empty Message of the given exchange and message type for this
     * SA; the caller owns the result. Declared const, so it does not advance
     * message IDs or other SA state.
     */
    auto_ptr<Message> createMessage( Message::EXCHANGE_TYPE exchange_type, Message::MESSAGE_TYPE message_type ) const;

    // Exchange builders. Each returns the action the caller should take
    // (send, wait, ...). auto_ptr parameters transfer ownership to this
    // object; AutoVector parameters are passed by value.

    /** Builds the IKE_SA_INIT request. */
    Enums::MESSAGE_ACTION createIkeSaInitRequest();

    /** Builds the IKE_SA_INIT response. */
    Enums::MESSAGE_ACTION createIkeSaInitResponse();

    /**
     * Builds the IKE_AUTH request.
     * @param received_payload_cert_req CERTREQ received from the peer; raw
     *        pointer, presumably NULL when none was received — confirm.
     */
    Enums::MESSAGE_ACTION createIkeAuthRequest( Payload_CERT_REQ* received_payload_cert_req );

    /** Builds the IKE_AUTH response when EAP is not used. */
    Enums::MESSAGE_ACTION createIkeAuthNoEapResponse( auto_ptr<Payload_CONF> payload_conf_r, auto_ptr<Certificate> my_certificate );

    /** Builds a CREATE_CHILD_SA request rekeying the CHILD SA with SPI @p spi_rekey. */
    Enums::MESSAGE_ACTION createRekeyChildSaRequest( uint32_t spi_rekey );

    /** Builds a CREATE_CHILD_SA request for a new CHILD SA (takes ownership). */
    Enums::MESSAGE_ACTION createNewChildSaRequest( auto_ptr<ChildSa> child_sa );

    /** Builds the CREATE_CHILD_SA response for a new or rekeyed CHILD SA. */
    Enums::MESSAGE_ACTION createChildSaResponse( );

    /**
     * Builds an INFORMATIONAL request carrying @p payloads.
     * NOTE(review): createInformationalRequest() below has the same signature;
     * confirm which one is in use and whether both are needed.
     */
    Enums::MESSAGE_ACTION generateInformationalRequest( AutoVector <Payload> payloads );

    /** Builds an INFORMATIONAL response carrying @p responses. */
    Enums::MESSAGE_ACTION createInformationalResponse( AutoVector<Payload> responses );

    /** Builds a CREATE_CHILD_SA request rekeying this IKE SA. */
    Enums::MESSAGE_ACTION createRekeyIkeSaRequest();

    /** Builds the CREATE_CHILD_SA response for an IKE SA rekey. */
    Enums::MESSAGE_ACTION createRekeyIkeSaResponse( );

    /** Builds the first IKE_AUTH response of an EAP authentication. */
    Enums::MESSAGE_ACTION createEapInitResponse( auto_ptr<Certificate> my_certificate );

    /** Builds an IKE_AUTH request continuing the EAP conversation (takes ownership of the EAP payload). */
    Enums::MESSAGE_ACTION createEapContinueRequest( auto_ptr<Payload_EAP> payload_eap );

    /** Builds an IKE_AUTH response continuing the EAP conversation (takes ownership of the EAP payload). */
    Enums::MESSAGE_ACTION createEapContinueResponse( auto_ptr<Payload_EAP> payload_eap );

    /** Builds the final IKE_AUTH request of an EAP authentication. */
    Enums::MESSAGE_ACTION createEapFinishRequest();

    /** Builds the final IKE_AUTH response of an EAP authentication. */
    Enums::MESSAGE_ACTION createEapFinishResponse( auto_ptr<Payload_CONF> payload_conf_r );

    /** Builds an INFORMATIONAL request deleting the CHILD SA with SPI @p spi. */
    Enums::MESSAGE_ACTION createDeleteChildSaRequest( uint32_t spi );

    /** Builds an INFORMATIONAL request deleting this IKE SA. */
    Enums::MESSAGE_ACTION createDeleteIkeSaRequest();

    /** Builds an INFORMATIONAL request carrying @p payloads (see generateInformationalRequest()). */
    Enums::MESSAGE_ACTION createInformationalRequest( AutoVector <Payload> payloads );

    // Exchange handlers for received messages. Each returns the action to
    // take. The message is passed by non-const reference, so handlers may
    // consume or modify it.

    /** Handles a received IKE_SA_INIT request. */
    Enums::MESSAGE_ACTION processIkeSaInitRequest( Message& message );

    /** Handles a received IKE_SA_INIT response. */
    Enums::MESSAGE_ACTION processIkeSaInitResponse( Message& message );

    /** Handles a received IKE_AUTH request (dispatching to the EAP / no-EAP variants, presumably). */
    Enums::MESSAGE_ACTION processIkeAuthRequest( Message& message );

    /** Handles a received IKE_AUTH request when EAP is not used. */
    Enums::MESSAGE_ACTION processIkeAuthNoEapRequest( Message& message );

    /** Handles a received IKE_AUTH response (dispatching to the EAP / no-EAP variants, presumably). */
    Enums::MESSAGE_ACTION processIkeAuthResponse( Message& message );

    /** Handles a received IKE_AUTH response when EAP is not used. */
    Enums::MESSAGE_ACTION processIkeAuthNoEapResponse( Message& message );

    /** Handles a received CREATE_CHILD_SA request, dispatching to the three variants below (presumably). */
    Enums::MESSAGE_ACTION processCreateChildSaRequest( Message& message );
    Enums::MESSAGE_ACTION processNewChildSaRequest( Message& message );
    Enums::MESSAGE_ACTION processRekeyChildSaRequest( Message& message );
    Enums::MESSAGE_ACTION processRekeyIkeSaRequest( Message& message );


    /** Handles a received CREATE_CHILD_SA response, dispatching to the three variants below (presumably). */
    Enums::MESSAGE_ACTION processCreateChildSaResponse( Message& message );
    Enums::MESSAGE_ACTION processNewChildSaResponse( Message& message );
    Enums::MESSAGE_ACTION processRekeyChildSaResponse( Message& message );
    Enums::MESSAGE_ACTION processRekeyIkeSaResponse( Message& message );

    /** Handles a received INFORMATIONAL request. */
    Enums::MESSAGE_ACTION processInformationalRequest( Message &message );

    /** Handles a received INFORMATIONAL response. */
    Enums::MESSAGE_ACTION processInformationalResponse( Message &message );

    /** Handles the first IKE_AUTH request of an EAP authentication. */
    Enums::MESSAGE_ACTION processEapInitRequest( Message& message );

    /** Handles the first IKE_AUTH response of an EAP authentication. */
    Enums::MESSAGE_ACTION processEapInitResponse( Message& message );

    /** Handles an IKE_AUTH request continuing the EAP conversation. */
    Enums::MESSAGE_ACTION processEapContinueRequest( Message& message );

    /** Handles an IKE_AUTH response continuing the EAP conversation. */
    Enums::MESSAGE_ACTION processEapContinueResponse( Message& message );

    /** Handles the final IKE_AUTH request of an EAP authentication. */
    Enums::MESSAGE_ACTION processEapFinishRequest( Message& message );

    /** Handles the final IKE_AUTH response of an EAP authentication. */
    Enums::MESSAGE_ACTION processEapFinishResponse( Message& message );

    /**
     * Entry point for any received message: presumably runs the SPI and
     * message-ID checks and dispatches on exchange type and state — confirm.
     */
    Enums::MESSAGE_ACTION processMessage( Message& message );

    /**
     * Processes the NOTIFY payloads of @p message.
     * @param child_sa CHILD SA the notifies relate to; raw pointer, presumably
     *        NULL when they concern the IKE SA itself — confirm.
     */
    Enums::NOTIFY_ACTION processNotifies( Message& message, ChildSa* child_sa );

    /** Sends a response of exchange type @p type carrying only @p notify (takes ownership). */
    void sendNotifyResponse( Message::EXCHANGE_TYPE type, auto_ptr<Payload_NOTIFY> notify );

    /** Handles DELETE payloads of a request; @return payloads for the response. The vector is copied by value. */
    AutoVector<Payload> processDeleteRequest( vector<Payload*> payloads_delete );

    /** Handles NOTIFY payloads of a request; @return payloads for the response. */
    AutoVector<Payload> processNotifyRequest( Message & message );

    /** Handles CP payloads of a request; @return payloads for the response. The vector is copied by value. */
    AutoVector<Payload> processConfigRequest( vector<Payload*> payloads_config );


    /** Handles DELETE payloads of a response. */
    void processDeleteResponse( vector<Payload*> payloads_delete );

    /** Handles NOTIFY payloads of a response. */
    void processNotifyResponse( Message& message );

    /** Handles CP payloads of a response. */
    void processConfigResponse( vector<Payload*> payloads_config );

    /** Resends the last request (see last_sent_request, remaining_timeout_retries). */
    Enums::MESSAGE_ACTION retransmitLastRequest();

    /** Resends the last response (see last_sent_response). */
    void retransmitLastResponse();

    /** Alarm callback (presumably implements Alarmable's interface; confirm the base declares it virtual). */
    void notifyAlarm( Alarm& alarm );

    /** Handles an expired alarm and returns the action to take. */
    Enums::MESSAGE_ACTION processAlarm( Alarm& alarm );

    // Error reporting. The _i variants are for the initiator side and the _r
    // variants for the responder side (inferred from the suffix); the string
    // arguments are taken by value.

    /** Reports an IKE SA error on the initiator side. */
    void IKE_SA_ERROR_i( string error1, string error2, Payload_NOTIFY::NOTIFY_TYPE error_type );

    /** Reports an IKE SA error on the responder side, for the given exchange type. */
    void IKE_SA_ERROR_r( string error1, string error2, Payload_NOTIFY::NOTIFY_TYPE error_type, Message::EXCHANGE_TYPE exchange_type );

    /** Reports an IKE SA error; @p initiator selects the side. */
    void IKE_SA_ERROR( bool initiator, string error1, string error2, Payload_NOTIFY::NOTIFY_TYPE error_type, Message::EXCHANGE_TYPE exchange_type );

    /** Reports a CHILD SA error on the initiator side. */
    void CHILD_SA_ERROR_i( string error1, string error2, Payload_NOTIFY::NOTIFY_TYPE error_type, ChildSa& child_sa );

    /** Reports a CHILD SA error on the responder side, for the given exchange type. */
    void CHILD_SA_ERROR_r( string error1, string error2, Payload_NOTIFY::NOTIFY_TYPE error_type, Message::EXCHANGE_TYPE exchange_type, ChildSa& child_sa );

    /** Returns the IKE configuration of this SA (reference into ike_configuration). */
    IkeConfiguration& getIkeConfiguration() const;

    /// Virtual, so deleting through an Alarmable pointer is well-defined.
    /// Must release the raw-pointer Commands and CHILD SAs if this object owns them.
    virtual ~IkeSaController();
};
00658
00659 };
00660 #endif