aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Hutter <jhutter@hsr.ch>2005-11-22 11:55:17 +0000
committerJan Hutter <jhutter@hsr.ch>2005-11-22 11:55:17 +0000
commit323ff573d2e535e7cf81fd1cce954bae4645fff3 (patch)
treef3474b26b8bf3120b20627c8e4a0e4a44d34d29e
parent723b6664521b0d4e4fb77f655b92706f19fc3998 (diff)
downloadstrongswan-323ff573d2e535e7cf81fd1cce954bae4645fff3.tar.bz2
strongswan-323ff573d2e535e7cf81fd1cce954bae4645fff3.tar.xz
- partly documented
-rw-r--r--Source/charon/configuration_manager.c286
-rw-r--r--Source/charon/configuration_manager.h17
2 files changed, 171 insertions, 132 deletions
diff --git a/Source/charon/configuration_manager.c b/Source/charon/configuration_manager.c
index df6f9af22..75d613f9e 100644
--- a/Source/charon/configuration_manager.c
+++ b/Source/charon/configuration_manager.c
@@ -27,6 +27,7 @@
#include "configuration_manager.h"
#include "types.h"
+#include "globals.h"
#include "utils/allocator.h"
#include "payloads/nonce_payload.h"
#include "payloads/proposal_substructure.h"
@@ -45,29 +46,45 @@ struct private_configuration_manager_s {
*/
configuration_manager_t public;
+ /**
+ * Assigned logger object
+ */
+ logger_t *logger;
};
+/**
+ * Implements function configuration_manager_t.get_remote_host .
+ */
static status_t get_remote_host(private_configuration_manager_t *this, char *name, host_t **host)
{
- /* some hard coded users for testing */
+ /*
+ * For testing purposes, hard coded host informations are returned.
+ *
+ * Further improvements could store them in a linked list or hash table
+ */
+
host_t *remote;
- if (strcmp(name, "pinflb30") == 0) {
+ status_t status = SUCCESS;
+
+ if (strcmp(name, "pinflb30") == 0)
+ {
remote = host_create(AF_INET, "152.96.193.131", 500);
- if (remote == NULL) {
- return OUT_OF_RES;
- }
- *host = remote;
- return SUCCESS;
}
- else if (strcmp(name, "pinflb31") == 0) {
+ else if (strcmp(name, "pinflb31") == 0)
+ {
remote = host_create(AF_INET, "152.96.193.131", 500);
- if (remote == NULL) {
- return OUT_OF_RES;
- }
- *host = remote;
- return SUCCESS;
}
- return NOT_FOUND;
+ else
+ {
+ status = NOT_FOUND;
+ }
+ if ((status != NOT_FOUND) && (remote == NULL))
+ {
+ return OUT_OF_RES;
+ }
+
+ *host = remote;
+ return status;
}
static status_t get_local_host(private_configuration_manager_t *this, char *name, host_t **host)
@@ -91,7 +108,7 @@ static status_t get_dh_group_number(private_configuration_manager_t *this,char *
static status_t get_proposals_for_host(private_configuration_manager_t *this, host_t *host, linked_list_iterator_t *iterator)
{
- /* use a default proposal:
+ /* use a default IKE proposal:
* - ENCR_AES_CBC 128Bit
* - PRF_HMAC_SHA1 128Bit
* - AUTH_HMAC_SHA1_96 96Bit
@@ -160,7 +177,7 @@ static status_t get_proposals_for_host(private_configuration_manager_t *this, ho
return OUT_OF_RES;
}
transform->set_transform_type(transform, PSEUDO_RANDOM_FUNCTION);
- transform->set_transform_id(transform, PRF_HMAC_MD5);
+ transform->set_transform_id(transform, PRF_HMAC_SHA1);
attribute = transform_attribute_create();
if (attribute == NULL)
@@ -175,7 +192,7 @@ static status_t get_proposals_for_host(private_configuration_manager_t *this, ho
return OUT_OF_RES;
}
attribute->set_attribute_type(attribute, KEY_LENGTH);
- attribute->set_value(attribute, 16);
+ attribute->set_value(attribute, 20);
/*
@@ -237,158 +254,148 @@ static status_t get_proposals_for_host(private_configuration_manager_t *this, ho
static status_t select_proposals_for_host(private_configuration_manager_t *this, host_t *host, linked_list_iterator_t *in, linked_list_iterator_t *out)
{
- /* use a default proposal:
- * - ENCR_AES_CBC 128Bit
- * - PRF_HMAC_SHA1 128Bit
- * - AUTH_HMAC_SHA1_96 96Bit
- * - MODP_1024_BIT
- */
- proposal_substructure_t *proposal;
- transform_substructure_t *transform;
- transform_attribute_t *attribute;
status_t status;
+ proposal_substructure_t *first_suggested_proposal;
+ proposal_substructure_t *selected_proposal;
- proposal = proposal_substructure_create();
- if (proposal == NULL)
+ /* select just first suggested proposal */
+
+ this->logger->log(this->logger,CONTROL | MORE, "Going to select first suggested proposal");
+ if (!in->has_next(in))
{
- return OUT_OF_RES;
+ this->logger->log(this->logger,ERROR | MORE, "No proposal suggested");
+ /* no suggested proposal! */
+ return FAILED;
}
- proposal->set_proposal_number(proposal, 1);
- proposal->set_protocol_id(proposal, 1);
-
- /*
- * Encryption Algorithm
- */
- transform = transform_substructure_create();
- if (transform == NULL)
- {
- proposal->destroy(proposal);
- return OUT_OF_RES;
- }
- status = proposal->add_transform_substructure(proposal, transform);
+ status = in->current(in,(void **) &first_suggested_proposal);
if (status != SUCCESS)
{
- proposal->destroy(proposal);
- return OUT_OF_RES;
+ this->logger->log(this->logger,ERROR, "Fatal error: could not get first proposal from iterator");
+ return status;
}
- transform->set_transform_type(transform, ENCRYPTION_ALGORITHM);
- transform->set_transform_id(transform, ENCR_AES_CBC);
-
- attribute = transform_attribute_create();
- if (attribute == NULL)
- {
- proposal->destroy(proposal);
- return OUT_OF_RES;
- }
- status = transform->add_transform_attribute(transform, attribute);
+ status = first_suggested_proposal->clone(first_suggested_proposal,&selected_proposal);
if (status != SUCCESS)
{
- proposal->destroy(proposal);
- return OUT_OF_RES;
+ this->logger->log(this->logger,ERROR, "Fatal error: could not clone proposal");
+ /* could not clone proposal */
+ return status;
}
- attribute->set_attribute_type(attribute, KEY_LENGTH);
- attribute->set_value(attribute, 16);
- /*
- * Pseudo-random Function
- */
- transform = transform_substructure_create();
- if (transform == NULL)
- {
- proposal->destroy(proposal);
- return OUT_OF_RES;
- }
- status = proposal->add_transform_substructure(proposal, transform);
+ status = out->insert_after(out,selected_proposal);
if (status != SUCCESS)
{
- proposal->destroy(proposal);
- return OUT_OF_RES;
- }
- transform->set_transform_type(transform, PSEUDO_RANDOM_FUNCTION);
- transform->set_transform_id(transform, PRF_HMAC_MD5);
-
- attribute = transform_attribute_create();
- if (attribute == NULL)
- {
- proposal->destroy(proposal);
- return OUT_OF_RES;
- }
- status = transform->add_transform_attribute(transform, attribute);
- if (status != SUCCESS)
- {
- proposal->destroy(proposal);
- return OUT_OF_RES;
- }
- attribute->set_attribute_type(attribute, KEY_LENGTH);
- attribute->set_value(attribute, 16);
+ this->logger->log(this->logger,ERROR, "Fatal error: could not insert selected proposal in out iterator");
+ }
+ return status;
+}
-
- /*
- * Integrity Algorithm
- */
- transform = transform_substructure_create();
- if (transform == NULL)
+static status_t get_transforms_for_host_and_proposals (private_configuration_manager_t *this, host_t *host, linked_list_iterator_t *proposals,crypter_t **crypter,signer_t **signer, prf_t **prf)
+{
+ crypter_t *selected_crypter = NULL;
+ signer_t *selected_signer = NULL;
+ prf_t *selected_prf = NULL;
+ proposal_substructure_t *proposal;
+ linked_list_iterator_t *transforms;
+ status_t status;
+
+ this->logger->log(this->logger,ERROR, "Going to get transforms for given proposal");
+
+ if (!proposals->has_next(proposals))
{
- proposal->destroy(proposal);
- return OUT_OF_RES;
+ this->logger->log(this->logger,ERROR | MORE, "No proposal available");
+ return FAILED;
}
- status = proposal->add_transform_substructure(proposal, transform);
+
+ status = proposals->current(proposals,(void **) &(proposal));
if (status != SUCCESS)
{
- proposal->destroy(proposal);
- return OUT_OF_RES;
+ this->logger->log(this->logger,ERROR, "Fatal error: could not get first proposal from iterator");
+ return status;
}
- transform->set_transform_type(transform, INTEGRITIY_ALGORITHM);
- transform->set_transform_id(transform, AUTH_HMAC_MD5_96);
- attribute = transform_attribute_create();
- if (attribute == NULL)
- {
- proposal->destroy(proposal);
- return OUT_OF_RES;
- }
- status = transform->add_transform_attribute(transform, attribute);
+ status = proposal->create_transform_substructure_iterator(proposal,&transforms,TRUE);
if (status != SUCCESS)
{
- proposal->destroy(proposal);
- return OUT_OF_RES;
+ this->logger->log(this->logger,ERROR, "Fatal error: could not create iterator of transforms");
+ return status;
}
- attribute->set_attribute_type(attribute, KEY_LENGTH);
- attribute->set_value(attribute, 16);
-
-
- /*
- * Diffie-Hellman Group
- */
- transform = transform_substructure_create();
- if (transform == NULL)
- {
- proposal->destroy(proposal);
- return OUT_OF_RES;
- }
- status = proposal->add_transform_substructure(proposal, transform);
- if (status != SUCCESS)
+
+ while (transforms->has_next(transforms))
{
- proposal->destroy(proposal);
- return OUT_OF_RES;
+ transform_substructure_t *current_transform;
+ transform_type_t transform_type;
+ u_int16_t transform_id;
+
+ status = transforms->current(transforms,(void **) &(current_transform));
+ if (status != SUCCESS)
+ {
+ this->logger->log(this->logger,ERROR, "Fatal error: could not get current transform substructure object");
+ transforms->destroy(transforms);
+ return status;
+ }
+
+ transform_type = current_transform->get_transform_type(current_transform);
+ transform_id = current_transform->get_transform_id(current_transform);
+
+ this->logger->log(this->logger,CONTROL | MOST, "Going to process transform of type %s",mapping_find(transform_type_m,transform_type));
+ switch (transform_type)
+ {
+ case ENCRYPTION_ALGORITHM:
+ {
+ this->logger->log(this->logger,CONTROL | MORE, "Encryption algorithm: %s",mapping_find(encryption_algorithm_m,transform_id));
+ break;
+ }
+ case PSEUDO_RANDOM_FUNCTION:
+ {
+ this->logger->log(this->logger,CONTROL | MORE, "Create transform object for PRF of type %s",mapping_find(pseudo_random_function_m,transform_id));
+
+ selected_prf = prf_create(transform_id);
+ if (selected_prf == NULL)
+ {
+ this->logger->log(this->logger,ERROR | MORE, "PRF not supported!");
+ transforms->destroy(transforms);
+ return FAILED;
+ }
+ break;
+ }
+ case INTEGRITIY_ALGORITHM:
+ {
+ this->logger->log(this->logger,CONTROL | MORE, "Integrity algorithm: %s",mapping_find(integrity_algorithm_m,transform_id));
+ break;
+ }
+ case DIFFIE_HELLMAN_GROUP:
+ {
+ this->logger->log(this->logger,CONTROL | MORE, "DH Group: %s",mapping_find(diffie_hellman_group_m,transform_id));
+ break;
+ }
+ default:
+ {
+ this->logger->log(this->logger,ERROR | MORE, "Transform type not supported!");
+ transforms->destroy(transforms);
+ return FAILED;
+ }
+ }
}
- transform->set_transform_type(transform, DIFFIE_HELLMAN_GROUP);
- transform->set_transform_id(transform, MODP_1024_BIT);
- out->insert_after(out, (void*)proposal);
+ transforms->destroy(transforms);
+
+ *crypter = selected_crypter;
+ *signer = selected_signer;
+ *prf = selected_prf;
return SUCCESS;
}
static status_t is_dh_group_allowed_for_host(private_configuration_manager_t *this, host_t *host, diffie_hellman_group_t group, bool *allowed)
{
- if (group == MODP_768_BIT ||
- group == MODP_1024_BIT)
+ if (group == MODP_768_BIT || group == MODP_1024_BIT)
{
*allowed = TRUE;
}
*allowed = FALSE;
+
+ this->logger->log(this->logger,CONTROL | MORE, "DH group %s is %s",mapping_find(diffie_hellman_group_m, group),(allowed)? "allowed" : "not allowed");
return SUCCESS;
}
@@ -399,6 +406,10 @@ static status_t is_dh_group_allowed_for_host(private_configuration_manager_t *th
*/
static status_t destroy(private_configuration_manager_t *this)
{
+ this->logger->log(this->logger,CONTROL | MORE, "Going to destroy configuration manager ");
+
+ this->logger->log(this->logger,CONTROL | MOST, "Destroy assigned logger");
+ global_logger_manager->destroy_logger(global_logger_manager,this->logger);
allocator_free(this);
return SUCCESS;
}
@@ -409,6 +420,7 @@ static status_t destroy(private_configuration_manager_t *this)
configuration_manager_t *configuration_manager_create()
{
private_configuration_manager_t *this = allocator_alloc_thing(private_configuration_manager_t);
+
if (this == NULL)
{
return NULL;
@@ -421,7 +433,17 @@ configuration_manager_t *configuration_manager_create()
this->public.get_dh_group_number = (status_t(*)(configuration_manager_t*,char*,u_int16_t *, u_int16_t))get_dh_group_number;
this->public.get_proposals_for_host = (status_t(*)(configuration_manager_t*,host_t*,linked_list_iterator_t*))get_proposals_for_host;
this->public.select_proposals_for_host = (status_t(*)(configuration_manager_t*,host_t*,linked_list_iterator_t*,linked_list_iterator_t*))select_proposals_for_host;
+ this->public.get_transforms_for_host_and_proposals = (status_t (*) (configuration_manager_t *, host_t *, linked_list_iterator_t *,crypter_t **,signer_t **, prf_t **)) get_transforms_for_host_and_proposals;
this->public.is_dh_group_allowed_for_host = (status_t(*)(configuration_manager_t*,host_t*,diffie_hellman_group_t,bool*)) is_dh_group_allowed_for_host;
+ /* private variables */
+ this->logger = global_logger_manager->create_logger(global_logger_manager,CONFIGURATION_MANAGER,NULL);
+
+ if (this->logger == NULL)
+ {
+ allocator_free(this);
+ return NULL;
+ }
+
return (&this->public);
}
diff --git a/Source/charon/configuration_manager.h b/Source/charon/configuration_manager.h
index af3f534da..07cdef58c 100644
--- a/Source/charon/configuration_manager.h
+++ b/Source/charon/configuration_manager.h
@@ -27,6 +27,9 @@
#include "utils/linked_list.h"
#include "utils/host.h"
#include "payloads/transform_substructure.h"
+#include "transforms/prfs/prf.h"
+#include "transforms/signers/signer.h"
+#include "transforms/crypters/crypter.h"
/**
* @brief Manages all configuration aspects of the daemon.
@@ -36,6 +39,18 @@ typedef struct configuration_manager_s configuration_manager_t;
struct configuration_manager_s {
+ /**
+ * Gets the remote host informations for a specific configuration name
+ *
+ * @param this calling object
+ * @param name name of the configuration
+ * @param host remote host informations are stored at this location
+ *
+ * @return
+ * - NOT_FOUND
+ * - SUCCESS
+ * - OUT_OF_RES
+ */
status_t (*get_remote_host) (configuration_manager_t *this, char *name, host_t **host);
status_t (*get_local_host) (configuration_manager_t *this, char *name, host_t **host);
@@ -46,6 +61,8 @@ struct configuration_manager_s {
status_t (*select_proposals_for_host) (configuration_manager_t *this, host_t *host, linked_list_iterator_t *in, linked_list_iterator_t *out);
+ status_t (*get_transforms_for_host_and_proposals) (configuration_manager_t *this, host_t *host, linked_list_iterator_t *proposals,crypter_t **crypter,signer_t **signer, prf_t **prf);
+
status_t (*is_dh_group_allowed_for_host) (configuration_manager_t *this, host_t *host, diffie_hellman_group_t group, bool *allowed);
status_t (*destroy) (configuration_manager_t *this);