diff options
author | Jan Hutter <jhutter@hsr.ch> | 2005-11-22 11:55:17 +0000 |
---|---|---|
committer | Jan Hutter <jhutter@hsr.ch> | 2005-11-22 11:55:17 +0000 |
commit | 323ff573d2e535e7cf81fd1cce954bae4645fff3 (patch) | |
tree | f3474b26b8bf3120b20627c8e4a0e4a44d34d29e | |
parent | 723b6664521b0d4e4fb77f655b92706f19fc3998 (diff) | |
download | strongswan-323ff573d2e535e7cf81fd1cce954bae4645fff3.tar.bz2 strongswan-323ff573d2e535e7cf81fd1cce954bae4645fff3.tar.xz |
- partly documented
-rw-r--r-- | Source/charon/configuration_manager.c | 286 | ||||
-rw-r--r-- | Source/charon/configuration_manager.h | 17 |
2 files changed, 171 insertions, 132 deletions
diff --git a/Source/charon/configuration_manager.c b/Source/charon/configuration_manager.c index df6f9af22..75d613f9e 100644 --- a/Source/charon/configuration_manager.c +++ b/Source/charon/configuration_manager.c @@ -27,6 +27,7 @@ #include "configuration_manager.h" #include "types.h" +#include "globals.h" #include "utils/allocator.h" #include "payloads/nonce_payload.h" #include "payloads/proposal_substructure.h" @@ -45,29 +46,45 @@ struct private_configuration_manager_s { */ configuration_manager_t public; + /** + * Assigned logger object + */ + logger_t *logger; }; +/** + * Implements function configuration_manager_t.get_remote_host . + */ static status_t get_remote_host(private_configuration_manager_t *this, char *name, host_t **host) { - /* some hard coded users for testing */ + /* + * For testing purposes, hard coded host informations are returned. + * + * Further improvements could store them in a linked list or hash table + */ + host_t *remote; - if (strcmp(name, "pinflb30") == 0) { + status_t status = SUCCESS; + + if (strcmp(name, "pinflb30") == 0) + { remote = host_create(AF_INET, "152.96.193.131", 500); - if (remote == NULL) { - return OUT_OF_RES; - } - *host = remote; - return SUCCESS; } - else if (strcmp(name, "pinflb31") == 0) { + else if (strcmp(name, "pinflb31") == 0) + { remote = host_create(AF_INET, "152.96.193.131", 500); - if (remote == NULL) { - return OUT_OF_RES; - } - *host = remote; - return SUCCESS; } - return NOT_FOUND; + else + { + status = NOT_FOUND; + } + if ((status != NOT_FOUND) && (remote == NULL)) + { + return OUT_OF_RES; + } + + *host = remote; + return status; } static status_t get_local_host(private_configuration_manager_t *this, char *name, host_t **host) @@ -91,7 +108,7 @@ static status_t get_dh_group_number(private_configuration_manager_t *this,char * static status_t get_proposals_for_host(private_configuration_manager_t *this, host_t *host, linked_list_iterator_t *iterator) { - /* use a default proposal: + /* use a default IKE proposal: * - ENCR_AES_CBC 128Bit * - PRF_HMAC_SHA1 128Bit * - AUTH_HMAC_SHA1_96 96Bit @@ -160,7 +177,7 @@ static status_t get_proposals_for_host(private_configuration_manager_t *this, ho return OUT_OF_RES; } transform->set_transform_type(transform, PSEUDO_RANDOM_FUNCTION); - transform->set_transform_id(transform, PRF_HMAC_MD5); + transform->set_transform_id(transform, PRF_HMAC_SHA1); attribute = transform_attribute_create(); if (attribute == NULL) @@ -175,7 +192,7 @@ static status_t get_proposals_for_host(private_configuration_manager_t *this, ho return OUT_OF_RES; } attribute->set_attribute_type(attribute, KEY_LENGTH); - attribute->set_value(attribute, 16); + attribute->set_value(attribute, 20); /* @@ -237,158 +254,148 @@ static status_t get_proposals_for_host(private_configuration_manager_t *this, ho static status_t select_proposals_for_host(private_configuration_manager_t *this, host_t *host, linked_list_iterator_t *in, linked_list_iterator_t *out) { - /* use a default proposal: - * - ENCR_AES_CBC 128Bit - * - PRF_HMAC_SHA1 128Bit - * - AUTH_HMAC_SHA1_96 96Bit - * - MODP_1024_BIT - */ - proposal_substructure_t *proposal; - transform_substructure_t *transform; - transform_attribute_t *attribute; status_t status; + proposal_substructure_t *first_suggested_proposal; + proposal_substructure_t *selected_proposal; - proposal = proposal_substructure_create(); - if (proposal == NULL) + /* select just first suggested proposal */ + + this->logger->log(this->logger,CONTROL | MORE, "Going to select first suggested proposal"); + if (!in->has_next(in)) { - return OUT_OF_RES; + this->logger->log(this->logger,ERROR | MORE, "No proposal suggested"); + /* no suggested proposal! */ + return FAILED; } - proposal->set_proposal_number(proposal, 1); - proposal->set_protocol_id(proposal, 1); - - /* - * Encryption Algorithm - */ - transform = transform_substructure_create(); - if (transform == NULL) - { - proposal->destroy(proposal); - return OUT_OF_RES; - } - status = proposal->add_transform_substructure(proposal, transform); + status = in->current(in,(void **) &first_suggested_proposal); if (status != SUCCESS) { - proposal->destroy(proposal); - return OUT_OF_RES; + this->logger->log(this->logger,ERROR, "Fatal error: could not get first proposal from iterator"); + return status; } - transform->set_transform_type(transform, ENCRYPTION_ALGORITHM); - transform->set_transform_id(transform, ENCR_AES_CBC); - - attribute = transform_attribute_create(); - if (attribute == NULL) - { - proposal->destroy(proposal); - return OUT_OF_RES; - } - status = transform->add_transform_attribute(transform, attribute); + status = first_suggested_proposal->clone(first_suggested_proposal,&selected_proposal); if (status != SUCCESS) { - proposal->destroy(proposal); - return OUT_OF_RES; + this->logger->log(this->logger,ERROR, "Fatal error: could not clone proposal"); + /* could not clone proposal */ + return status; } - attribute->set_attribute_type(attribute, KEY_LENGTH); - attribute->set_value(attribute, 16); - /* - * Pseudo-random Function - */ - transform = transform_substructure_create(); - if (transform == NULL) - { - proposal->destroy(proposal); - return OUT_OF_RES; - } - status = proposal->add_transform_substructure(proposal, transform); + status = out->insert_after(out,selected_proposal); if (status != SUCCESS) { - proposal->destroy(proposal); - return OUT_OF_RES; - } - transform->set_transform_type(transform, PSEUDO_RANDOM_FUNCTION); - transform->set_transform_id(transform, PRF_HMAC_MD5); - - attribute = transform_attribute_create(); - if (attribute == NULL) - { - proposal->destroy(proposal); - return OUT_OF_RES; - } - status = transform->add_transform_attribute(transform, attribute); - if (status != SUCCESS) - { - proposal->destroy(proposal); - return OUT_OF_RES; - } - attribute->set_attribute_type(attribute, KEY_LENGTH); - attribute->set_value(attribute, 16); + this->logger->log(this->logger,ERROR, "Fatal error: could not insert selected proposal in out iterator"); + } + return status; +} - - /* - * Integrity Algorithm - */ - transform = transform_substructure_create(); - if (transform == NULL) +static status_t get_transforms_for_host_and_proposals (private_configuration_manager_t *this, host_t *host, linked_list_iterator_t *proposals,crypter_t **crypter,signer_t **signer, prf_t **prf) +{ + crypter_t *selected_crypter = NULL; + signer_t *selected_signer = NULL; + prf_t *selected_prf = NULL; + proposal_substructure_t *proposal; + linked_list_iterator_t *transforms; + status_t status; + + this->logger->log(this->logger,ERROR, "Going to get transforms for given proposal"); + + if (!proposals->has_next(proposals)) { - proposal->destroy(proposal); - return OUT_OF_RES; + this->logger->log(this->logger,ERROR | MORE, "No proposal available"); + return FAILED; } - status = proposal->add_transform_substructure(proposal, transform); + + status = proposals->current(proposals,(void **) &(proposal)); if (status != SUCCESS) { - proposal->destroy(proposal); - return OUT_OF_RES; + this->logger->log(this->logger,ERROR, "Fatal error: could not get first proposal from iterator"); + return status; } - transform->set_transform_type(transform, INTEGRITIY_ALGORITHM); - transform->set_transform_id(transform, AUTH_HMAC_MD5_96); - attribute = transform_attribute_create(); - if (attribute == NULL) - { - proposal->destroy(proposal); - return OUT_OF_RES; - } - status = transform->add_transform_attribute(transform, attribute); + status = proposal->create_transform_substructure_iterator(proposal,&transforms,TRUE); if (status != SUCCESS) { - proposal->destroy(proposal); - return OUT_OF_RES; + this->logger->log(this->logger,ERROR, "Fatal error: could not create iterator of transforms"); + return status; } - attribute->set_attribute_type(attribute, KEY_LENGTH); - attribute->set_value(attribute, 16); - - - /* - * Diffie-Hellman Group - */ - transform = transform_substructure_create(); - if (transform == NULL) - { - proposal->destroy(proposal); - return OUT_OF_RES; - } - status = proposal->add_transform_substructure(proposal, transform); - if (status != SUCCESS) + + while (transforms->has_next(transforms)) { - proposal->destroy(proposal); - return OUT_OF_RES; + transform_substructure_t *current_transform; + transform_type_t transform_type; + u_int16_t transform_id; + + status = transforms->current(transforms,(void **) &(current_transform)); + if (status != SUCCESS) + { + this->logger->log(this->logger,ERROR, "Fatal error: could not get current transform substructure object"); + transforms->destroy(transforms); + return status; + } + + transform_type = current_transform->get_transform_type(current_transform); + transform_id = current_transform->get_transform_id(current_transform); + + this->logger->log(this->logger,CONTROL | MOST, "Going to process transform of type %s",mapping_find(transform_type_m,transform_type)); + switch (transform_type) + { + case ENCRYPTION_ALGORITHM: + { + this->logger->log(this->logger,CONTROL | MORE, "Encryption algorithm: %s",mapping_find(encryption_algorithm_m,transform_id)); + break; + } + case PSEUDO_RANDOM_FUNCTION: + { + this->logger->log(this->logger,CONTROL | MORE, "Create transform object for PRF of type %s",mapping_find(pseudo_random_function_m,transform_id)); + + selected_prf = prf_create(transform_id); + if (selected_prf == NULL) + { + this->logger->log(this->logger,ERROR | MORE, "PRF not supported!"); + transforms->destroy(transforms); + return FAILED; + } + break; + } + case INTEGRITIY_ALGORITHM: + { + this->logger->log(this->logger,CONTROL | MORE, "Integrity algorithm: %s",mapping_find(integrity_algorithm_m,transform_id)); + break; + } + case DIFFIE_HELLMAN_GROUP: + { + this->logger->log(this->logger,CONTROL | MORE, "DH Group: %s",mapping_find(diffie_hellman_group_m,transform_id)); + break; + } + default: + { + this->logger->log(this->logger,ERROR | MORE, "Transform type not supported!"); + transforms->destroy(transforms); + return FAILED; + } + } } - transform->set_transform_type(transform, DIFFIE_HELLMAN_GROUP); - transform->set_transform_id(transform, MODP_1024_BIT); - out->insert_after(out, (void*)proposal); + transforms->destroy(transforms); + + *crypter = selected_crypter; + *signer = selected_signer; + *prf = selected_prf; return SUCCESS; } static status_t is_dh_group_allowed_for_host(private_configuration_manager_t *this, host_t *host, diffie_hellman_group_t group, bool *allowed) { - if (group == MODP_768_BIT || - group == MODP_1024_BIT) + if (group == MODP_768_BIT || group == MODP_1024_BIT) { *allowed = TRUE; } *allowed = FALSE; + + this->logger->log(this->logger,CONTROL | MORE, "DH group %s is %s",mapping_find(diffie_hellman_group_m, group),(allowed)? "allowed" : "not allowed"); return SUCCESS; } @@ -399,6 +406,10 @@ static status_t is_dh_group_allowed_for_host(private_configuration_manager_t *th */ static status_t destroy(private_configuration_manager_t *this) { + this->logger->log(this->logger,CONTROL | MORE, "Going to destroy configuration manager "); + + this->logger->log(this->logger,CONTROL | MOST, "Destroy assigned logger"); + global_logger_manager->destroy_logger(global_logger_manager,this->logger); allocator_free(this); return SUCCESS; } @@ -409,6 +420,7 @@ static status_t destroy(private_configuration_manager_t *this) configuration_manager_t *configuration_manager_create() { private_configuration_manager_t *this = allocator_alloc_thing(private_configuration_manager_t); + if (this == NULL) { return NULL; @@ -421,7 +433,17 @@ configuration_manager_t *configuration_manager_create() this->public.get_dh_group_number = (status_t(*)(configuration_manager_t*,char*,u_int16_t *, u_int16_t))get_dh_group_number; this->public.get_proposals_for_host = (status_t(*)(configuration_manager_t*,host_t*,linked_list_iterator_t*))get_proposals_for_host; this->public.select_proposals_for_host = (status_t(*)(configuration_manager_t*,host_t*,linked_list_iterator_t*,linked_list_iterator_t*))select_proposals_for_host; + this->public.get_transforms_for_host_and_proposals = (status_t (*) (configuration_manager_t *, host_t *, linked_list_iterator_t *,crypter_t **,signer_t **, prf_t **)) get_transforms_for_host_and_proposals; this->public.is_dh_group_allowed_for_host = (status_t(*)(configuration_manager_t*,host_t*,diffie_hellman_group_t,bool*)) is_dh_group_allowed_for_host; + /* private variables */ + this->logger = global_logger_manager->create_logger(global_logger_manager,CONFIGURATION_MANAGER,NULL); + + if (this->logger == NULL) + { + allocator_free(this); + return NULL; + } + return (&this->public); } diff --git a/Source/charon/configuration_manager.h b/Source/charon/configuration_manager.h index af3f534da..07cdef58c 100644 --- a/Source/charon/configuration_manager.h +++ b/Source/charon/configuration_manager.h @@ -27,6 +27,9 @@ #include "utils/linked_list.h" #include "utils/host.h" #include "payloads/transform_substructure.h" +#include "transforms/prfs/prf.h" +#include "transforms/signers/signer.h" +#include "transforms/crypters/crypter.h" /** * @brief Manages all configuration aspects of the daemon. @@ -36,6 +39,18 @@ typedef struct configuration_manager_s configuration_manager_t; struct configuration_manager_s { + /** + * Gets the remote host informations for a specific configuration name + * + * @param this calling object + * @param name name of the configuration + * @param host remote host informations are stored at this location + * + * @return + * - NOT_FOUND + * - SUCCESS + * - OUT_OF_RES + */ status_t (*get_remote_host) (configuration_manager_t *this, char *name, host_t **host); status_t (*get_local_host) (configuration_manager_t *this, char *name, host_t **host); @@ -46,6 +61,8 @@ struct configuration_manager_s { status_t (*select_proposals_for_host) (configuration_manager_t *this, host_t *host, linked_list_iterator_t *in, linked_list_iterator_t *out); + status_t (*get_transforms_for_host_and_proposals) (configuration_manager_t *this, host_t *host, linked_list_iterator_t *proposals,crypter_t **crypter,signer_t **signer, prf_t **prf); + status_t (*is_dh_group_allowed_for_host) (configuration_manager_t *this, host_t *host, diffie_hellman_group_t group, bool *allowed); status_t (*destroy) (configuration_manager_t *this); |